Merge pull request #1231 from wultra/develop

Merge develop to master

.github/workflows/coverity-scan.yml

@@ -0,0 +1,16 @@
+name: Run Coverity scan and upload results
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron:  '0 10 1 * *'    # monthly
+
+
+jobs:
+  coverity-scan:
+    uses: wultra/wultra-infrastructure/.github/workflows/coverity-scan.yml@develop
+    secrets: inherit
+    with:
+      project-name: ${{ github.event.repository.name }}
+      version: ${{ github.sha }}
+      description: ${{ github.ref }}

.github/workflows/maven-deploy.yml

@@ -0,0 +1,52 @@
+name: Deploy with Maven
+
+on:
+  workflow_dispatch:
+    branches:
+      - 'develop'
+      - 'master'
+      - 'releases/*'
+      - 'test/ci'
+    inputs:
+      release_type:
+        type: choice
+        description:
+        default: snapshot
+        options:
+          - snapshot
+          - release
+      environment:
+        type: environment
+        default: internal-publish
+        description: internal or external repository
+  push:
+    branches:
+     - 'develop'
+     - 'test/ci'
+
+
+
+jobs:
+  maven-deploy-jfrog:
+    if: ${{ github.event_name == 'push' }}
+    name: Deploy to jfrog
+    uses: wultra/wultra-infrastructure/.github/workflows/maven-deploy.yml@develop
+    with:
+      environment: internal-publish
+      release_type: snapshot
+    secrets:
+      username: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
+      password: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
+
+  maven-deploy-manual:
+    if: ${{ github.event_name == 'workflow_dispatch' }}
+    name: Deploy by parameter
+    uses: wultra/wultra-infrastructure/.github/workflows/maven-deploy.yml@develop
+    with:
+      environment: ${{ inputs.environment }}
+      release_type: ${{ inputs.release_type }}
+    secrets:
+      username: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
+      password: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
+      gpg_passphrase: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}
+      gpg_key: ${{ secrets.OSSRH_GPG_SECRET_KEY }}

.github/workflows/maven-test.yml

@@ -0,0 +1,18 @@
+name: Test with Maven
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - 'master'
+      - 'releases/**'
+  pull_request:
+    branches:
+      - 'develop'
+      - 'master'
+      - 'releases/**'
+
+jobs:
+  maven-tests:
+    uses: wultra/wultra-infrastructure/.github/workflows/maven-test.yml@develop
+    secrets: inherit

.github/workflows/owas-dependecy-check.yml

@@ -0,0 +1,12 @@
+name: Run OWASP Dependency Check
+on:
+  workflow_dispatch:
+
+  push:
+    branches:
+      - 'develop'
+
+jobs:
+  owasp-check:
+      uses: wultra/wultra-infrastructure/.github/workflows/owasp-dependency-check.yml@develop
+      secrets: inherit

.run/NextStepApplication.run.xml

@@ -0,0 +1,10 @@
+<component name="ProjectRunConfigurationManager">
+  <configuration default="false" name="NextStepApplication" type="SpringBootApplicationConfigurationType" factoryName="Spring Boot">
+    <module name="powerauth-nextstep" />
+    <option name="SPRING_BOOT_MAIN_CLASS" value="io.getlime.security.powerauth.app.nextstep.NextStepApplication" />
+    <option name="VM_PARAMETERS" value="-Dserver.servlet.context-path=/powerauth-nextstep -Dserver.port=9082" />
+    <method v="2">
+      <option name="Make" enabled="true" />
+    </method>
+  </configuration>
+</component>

.run/PowerAuthWebFlowApplication.run.xml

@@ -0,0 +1,10 @@
+<component name="ProjectRunConfigurationManager">
+  <configuration default="false" name="PowerAuthWebFlowApplication" type="SpringBootApplicationConfigurationType" factoryName="Spring Boot" nameIsGenerated="true">
+    <module name="powerauth-webflow" />
+    <option name="SPRING_BOOT_MAIN_CLASS" value="io.getlime.security.powerauth.app.webflow.PowerAuthWebFlowApplication" />
+    <option name="VM_PARAMETERS" value="-Dserver.servlet.context-path=/powerauth-webflow -Dserver.port=9080" />
+    <method v="2">
+      <option name="Make" enabled="true" />
+    </method>
+  </configuration>
+</component>

.run/PowerAuthWebFlowClientApplication.run.xml

@@ -0,0 +1,10 @@
+<component name="ProjectRunConfigurationManager">
+  <configuration default="false" name="PowerAuthWebFlowClientApplication" type="SpringBootApplicationConfigurationType" factoryName="Spring Boot">
+    <module name="powerauth-webflow-client" />
+    <option name="SPRING_BOOT_MAIN_CLASS" value="io.getlime.security.powerauth.app.webflow.demo.PowerAuthWebFlowDemoApplication" />
+    <option name="VM_PARAMETERS" value="-Dserver.servlet.context-path=/powerauth-webflow-client -Dserver.port=9083" />
+    <method v="2">
+      <option name="Make" enabled="true" />
+    </method>
+  </configuration>
+</component>

.run/TppEngineApplication.run.xml

@@ -0,0 +1,10 @@
+<component name="ProjectRunConfigurationManager">
+  <configuration default="false" name="TppEngineApplication" type="SpringBootApplicationConfigurationType" factoryName="Spring Boot">
+    <module name="powerauth-tpp-engine" />
+    <option name="SPRING_BOOT_MAIN_CLASS" value="io.getlime.security.powerauth.app.tppengine.TppEngineApplication" />
+    <option name="VM_PARAMETERS" value="-Dserver.servlet.context-path=/tpp-engine -Dserver.port=9081" />
+    <method v="2">
+      <option name="Make" enabled="true" />
+    </method>
+  </configuration>
+</component>

doc-private/Developer-How-To-Start.md

@@ -0,0 +1,41 @@
+# Developer - How to Start Guide
+
+
+## Webflow
+
+
+### Standalone Run
+
+- Enable maven profile `standalone`
+- Use IntelliJ Idea run configuration at `../.run/PowerAuthWebFlowApplication.run.xml`
+- Open [http://localhost:9080/powerauth-webflow/actuator/health](http://localhost:9080/powerauth-webflow/actuator/health) and you should get `{"status":"UP"}`
+
+
+## TPP Engine
+
+
+### Standalone Run
+
+- Enable maven profile `standalone`
+- Use IntelliJ Idea run configuration at `../.run/TppEngineApplication.run.xml`
+- Open [http://localhost:9081/tpp-engine/actuator/health](http://localhost:9081/tpp-engine/actuator/health) and you should get `{"status":"UP"}`
+
+
+## NextStep
+
+
+### Standalone Run
+
+- Enable maven profile `standalone`
+- Use IntelliJ Idea run configuration at `../.run/NextStepApplication.run.xml`
+- Open [http://localhost:9082/powerauth-nextstep/actuator/health](http://localhost:9082/powerauth-nextstep/actuator/health) and you should get `{"status":"UP"}`
+
+
+## Webflow Client
+
+
+### Standalone Run
+
+- Enable maven profile `standalone`
+- Use IntelliJ Idea run configuration at `../.run/PowerAuthWebFlowClientApplication.run.xml`
+- Open [http://localhost:9083/powerauth-webflow-client/actuator/health](http://localhost:9083/powerauth-webflow-client/actuator/health) and you should get `{"status":"UP"}`

docs/Deploying-Wildfly.md

@@ -25,7 +25,7 @@ Web Flow contains the following configuration in `jboss-deployment-structure.xml
 		
 		<resources>
 			<!-- use WAR provided Bouncy Castle -->
-			<resource-root path="WEB-INF/lib/bcprov-jdk15on-1.70.jar" use-physical-code-source="true"/>
+			<resource-root path="WEB-INF/lib/bcprov-jdk18on-1.72.jar" use-physical-code-source="true"/>
 		</resources>
 
 		<local-last value="true" />
@@ -49,7 +49,7 @@ Similarly, Next Step contains the following configuration in `jboss-deployment-s
 		
 		<resources>
 			<!-- use WAR provided Bouncy Castle -->
-			<resource-root path="WEB-INF/lib/bcprov-jdk15on-1.70.jar" use-physical-code-source="true"/>
+			<resource-root path="WEB-INF/lib/bcprov-jdk18on-1.72.jar" use-physical-code-source="true"/>
 		</resources>
 
 		<local-last value="true" />

docs/Migration-Instructions.md

@@ -2,6 +2,7 @@
 
 This page contains PowerAuth Web Flow migration instructions.
 
+- [PowerAuth Web Flow 1.4.0](./Web-Flow-1.4.0.md)
 - [PowerAuth Web Flow 1.3.0](./Web-Flow-1.3.0.md)
 - [PowerAuth Web Flow 1.2.0](./Web-Flow-1.2.0.md)
 - [PowerAuth Web Flow 1.1.0](./Web-Flow-1.1.0.md)

docs/Web-Flow-1.4.0.md

@@ -0,0 +1,23 @@
+# Migration from 1.3.0 to 1.4.0
+
+## Database Changes
+
+Following database changes were introduced in version `1.4.0`:
+
+DDL update script for Oracle:
+
+```sql
+ALTER TABLE tpp_detail ADD tpp_blocked NUMBER(1) DEFAULT 0 NOT NULL;
+```
+
+DDL update script for MySQL:
+
+```sql
+ALTER TABLE tpp_detail ADD tpp_blocked BOOLEAN NOT NULL DEFAULT FALSE;
+```
+
+DDL update script for PostgreSQL:
+
+```sql
+ALTER TABLE tpp_detail ADD tpp_blocked BOOLEAN DEFAULT FALSE NOT NULL;
+```

docs/Web-Flow-Installation-Manual.md

@@ -342,3 +342,12 @@ Start Tomcat with following command:
 To observe tomcat logs interactively, use following command:
 
 `$ tail -f -n200 /opt/tomcat/logs/catalina.out`
+
+### How to Disable Display of Tomcat Version
+
+It case you do not want to show Tomcat version on error pages when deploying Web Flow server, you can use the following configuration:
+
+- Edit the file `<install-directory>/conf/server.xml`.
+- Search for the parameters `<Host name="..."/>`.
+- Just below that line, insert the following parameters `<Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false"/>`.
+- Restart Tomcat.

docs/sql/mysql/create_schema.sql

@@ -545,7 +545,8 @@ CREATE TABLE tpp_detail (
   tpp_website           TEXT NULL,                                   -- TPP website, if available.
   tpp_phone             VARCHAR(256) NULL,                           -- TPP phone number, if available.
   tpp_email             VARCHAR(256) NULL,                           -- TPP e-mail, if available.
-  tpp_logo              BLOB NULL                                    -- TPP logo, if available.
+  tpp_logo              BLOB NULL,                                   -- TPP logo, if available.
+  tpp_blocked           BOOLEAN NOT NULL DEFAULT FALSE               -- Indication if this TPP provider is blocked or not.
 ) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
 
 CREATE TABLE tpp_app_detail (
@@ -560,7 +561,7 @@ CREATE TABLE tpp_app_detail (
 ) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
 
 -- Table audit_log stores auditing information
-CREATE TABLE audit_log (
+CREATE TABLE IF NOT EXISTS audit_log (
     audit_log_id       VARCHAR(36) PRIMARY KEY,
     application_name   VARCHAR(256) NOT NULL,
     audit_level        VARCHAR(32) NOT NULL,
@@ -577,7 +578,7 @@ CREATE TABLE audit_log (
 ) ENGINE=InnoDB AUTO_INCREMENT=1 CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
 
 -- Table audit_param stores auditing parameters
-CREATE TABLE audit_param (
+CREATE TABLE IF NOT EXISTS audit_param (
     audit_log_id       VARCHAR(36),
     timestamp_created  TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
     param_key          VARCHAR(256),
@@ -619,13 +620,13 @@ CREATE INDEX ns_authentication_timestamp_created ON ns_authentication (timestamp
 CREATE UNIQUE INDEX ns_hashing_config_name ON ns_hashing_config (name);
 CREATE UNIQUE INDEX ns_user_alias_unique ON ns_user_alias (user_id, name);
 CREATE UNIQUE INDEX ns_user_role_unique ON ns_user_role (user_id, role_id);
-CREATE INDEX audit_log_timestamp ON audit_log (timestamp_created);
-CREATE INDEX audit_log_application ON audit_log (application_name);
-CREATE INDEX audit_log_level ON audit_log (audit_level);
-CREATE INDEX audit_log_type ON audit_log (audit_type);
-CREATE INDEX audit_param_log ON audit_param (audit_log_id);
-CREATE INDEX audit_param_timestamp ON audit_param (timestamp_created);
-CREATE INDEX audit_param_key ON audit_param (param_key);
+CREATE INDEX IF NOT EXISTS audit_log_timestamp ON audit_log (timestamp_created);
+CREATE INDEX IF NOT EXISTS audit_log_application ON audit_log (application_name);
+CREATE INDEX IF NOT EXISTS audit_log_level ON audit_log (audit_level);
+CREATE INDEX IF NOT EXISTS audit_log_type ON audit_log (audit_type);
+CREATE INDEX IF NOT EXISTS audit_param_log ON audit_param (audit_log_id);
+CREATE INDEX IF NOT EXISTS audit_param_timestamp ON audit_param (timestamp_created);
+CREATE INDEX IF NOT EXISTS audit_param_key ON audit_param (param_key);
 CREATE FULLTEXT INDEX audit_param_value ON audit_param (param_value);
 
 -- Foreign keys for user identity, to be used only when all user identities are stored in Next Step