Development: Update server dependencies (#7464)
krusche authored Nov 3, 2023
1 parent f0e4f10 commit 8ec8f03
Showing 16 changed files with 117 additions and 95 deletions.
50 changes: 26 additions & 24 deletions build.gradle
Expand Up @@ -16,16 +16,16 @@ plugins {
id "jacoco"
id "org.springframework.boot" version "${spring_boot_version}"
id "io.spring.dependency-management" version "1.1.3"
id "com.google.cloud.tools.jib" version "3.3.2"
id "com.google.cloud.tools.jib" version "3.4.0"
id "com.github.node-gradle.node" version "${gradle_node_plugin_version}"
id "com.diffplug.spotless" version "6.21.0"
id "com.diffplug.spotless" version "6.22.0"
// this allows us to find outdated dependencies via ./gradlew dependencyUpdates
id "com.github.ben-manes.versions" version "0.48.0"
id "com.github.ben-manes.versions" version "0.49.0"
id "com.github.andygoossens.modernizer" version "${modernizer_plugin_version}"
id "com.gorylenko.gradle-git-properties" version "2.4.1"
id "info.solidsoft.pitest" version "1.9.11"
id "org.owasp.dependencycheck" version "8.4.0"
id "com.adarshr.test-logger" version "3.2.0"
id "info.solidsoft.pitest" version "1.15.0"
id "org.owasp.dependencycheck" version "8.4.2"
id "com.adarshr.test-logger" version "4.0.0"
}

group = "de.tum.in.www1.artemis"
Expand Down Expand Up @@ -233,7 +233,7 @@ dependencies {
}
}

implementation "org.apache.logging.log4j:log4j-to-slf4j:2.20.0"
implementation "org.apache.logging.log4j:log4j-to-slf4j:2.21.1"

implementation "uk.ac.ox.ctl:spring-security-lti13:0.0.4"

Expand All @@ -242,7 +242,7 @@ dependencies {
implementation "org.eclipse.jgit:org.eclipse.jgit.ssh.apache:${jgit_version}"
implementation "org.eclipse.jgit:org.eclipse.jgit.http.server:${jgit_version}"
// https://mvnrepository.com/artifact/net.sourceforge.plantuml/plantuml
implementation "net.sourceforge.plantuml:plantuml:1.2023.10"
implementation "net.sourceforge.plantuml:plantuml:1.2023.12"
implementation "org.imsglobal:basiclti-util:1.2.0"
implementation "org.jasypt:jasypt:1.9.3"
implementation "me.xdrop:fuzzywuzzy:1.4.0"
Expand All @@ -257,7 +257,7 @@ dependencies {
implementation "com.thoughtworks.qdox:qdox:2.0.3"
implementation "io.sentry:sentry-logback:${sentry_version}"
implementation "io.sentry:sentry-spring-boot-starter:${sentry_version}"
implementation "org.jsoup:jsoup:1.16.1"
implementation "org.jsoup:jsoup:1.16.2"
implementation "commons-codec:commons-codec:1.16.0" // needed for spring security saml2

implementation "org.springdoc:springdoc-openapi-ui:1.7.0"
Expand All @@ -271,7 +271,7 @@ dependencies {

implementation "tech.jhipster:jhipster-framework:${jhipster_dependencies_version}"
implementation "org.springframework.boot:spring-boot-starter-cache:${spring_boot_version}"
implementation "io.micrometer:micrometer-registry-prometheus:1.11.4"
implementation "io.micrometer:micrometer-registry-prometheus:1.11.5"
implementation "net.logstash.logback:logstash-logback-encoder:7.4"
implementation "com.fasterxml.jackson.datatype:jackson-datatype-hppc:${fasterxml_version}"
implementation "com.fasterxml.jackson.datatype:jackson-datatype-jsr310:${fasterxml_version}"
Expand All @@ -284,10 +284,12 @@ dependencies {
implementation "javax.cache:cache-api:1.1.1"
implementation "org.hibernate:hibernate-core:${hibernate_version}"
implementation "com.zaxxer:HikariCP:5.0.1"
// TODO: for some reason 1.11.0 breaks some tests (e.g. shouldSaveBuildLogsOnStudentParticipationWithoutSubmissionNorResult)
implementation "org.apache.commons:commons-text:1.10.0"
implementation "org.apache.commons:commons-math3:3.6.1"
implementation "javax.transaction:javax.transaction-api:1.3"
implementation "org.hibernate:hibernate-entitymanager:${hibernate_version}"
// TODO: we cannot upgrade because 4.24.0 would not work with H2 in the tests due to the reserved keyword 'groups', see https://github.com/liquibase/liquibase/pull/4052
implementation "org.liquibase:liquibase-core:4.23.2"
implementation "org.springframework.boot:spring-boot-starter-validation:${spring_boot_version}"
implementation "org.springframework.boot:spring-boot-loader-tools:${spring_boot_version}"
Expand All @@ -305,16 +307,16 @@ dependencies {
implementation "org.springframework.boot:spring-boot-starter-thymeleaf:${spring_boot_version}"

implementation "org.springframework.ldap:spring-ldap-core:2.4.1"
implementation "org.springframework.data:spring-data-ldap:2.7.15"
implementation "org.springframework.data:spring-data-ldap:2.7.17"

implementation "org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:3.1.7"
implementation "org.springframework.cloud:spring-cloud-starter-config:3.1.8"
implementation "org.springframework.boot:spring-boot-starter-cloud-connectors:2.2.13.RELEASE"

implementation "io.netty:netty-all:4.1.98.Final"
implementation "io.projectreactor.netty:reactor-netty:1.1.11"
implementation "org.springframework:spring-messaging:5.3.29"
implementation "org.springframework.retry:spring-retry:2.0.3"
implementation "io.netty:netty-all:4.1.100.Final"
implementation "io.projectreactor.netty:reactor-netty:1.1.12"
implementation "org.springframework:spring-messaging:5.3.30"
implementation "org.springframework.retry:spring-retry:2.0.4"

implementation "org.springframework.security:spring-security-config:${spring_security_version}"
implementation "org.springframework.security:spring-security-data:${spring_security_version}"
Expand All @@ -323,10 +325,10 @@ dependencies {
implementation "org.springframework.security:spring-security-ldap:${spring_security_version}"
implementation "org.springframework.security:spring-security-saml2-service-provider:${spring_security_version}"
implementation "org.xmlbeam:xmlprojector:1.4.24"
implementation "io.jsonwebtoken:jjwt-api:0.11.5"
implementation "io.jsonwebtoken:jjwt-api:0.12.3"
implementation "org.bouncycastle:bcprov-jdk15on:1.70"
runtimeOnly "io.jsonwebtoken:jjwt-impl:0.11.5"
runtimeOnly "io.jsonwebtoken:jjwt-jackson:0.11.5"
runtimeOnly "io.jsonwebtoken:jjwt-impl:0.12.3"
runtimeOnly "io.jsonwebtoken:jjwt-jackson:0.12.3"
implementation ("io.springfox:springfox-swagger2:3.0.0") {
exclude module: "mapstruct"
}
Expand All @@ -339,9 +341,9 @@ dependencies {
implementation "org.zalando:problem-spring-web:0.27.0"
implementation "com.ibm.icu:icu4j:73.2"
implementation "com.github.seancfoley:ipaddress:5.4.0"
implementation "org.apache.maven:maven-model:3.9.4"
implementation "org.apache.maven:maven-model:3.9.5"
implementation "org.apache.pdfbox:pdfbox:3.0.0"
implementation "com.google.protobuf:protobuf-java:3.24.3"
implementation "com.google.protobuf:protobuf-java:3.24.4"
implementation "org.apache.commons:commons-csv:1.10.0"
implementation "org.commonmark:commonmark:0.21.0"
implementation "commons-fileupload:commons-fileupload:1.5"
Expand All @@ -368,18 +370,18 @@ dependencies {
testImplementation "org.junit.jupiter:junit-jupiter:${junit_version}"
testImplementation "org.mockito:mockito-core:${mockito_version}"
testImplementation "org.mockito:mockito-junit-jupiter:${mockito_version}"
testImplementation "io.github.classgraph:classgraph:4.8.162"
testImplementation "io.github.classgraph:classgraph:4.8.163"
testImplementation "org.awaitility:awaitility:4.2.0"
testImplementation "org.apache.maven.shared:maven-invoker:3.2.0"
testImplementation "org.gradle:gradle-tooling-api:8.3"
testImplementation "org.apache.maven.surefire:surefire-report-parser:3.1.2"
testImplementation "org.gradle:gradle-tooling-api:8.4"
testImplementation "org.apache.maven.surefire:surefire-report-parser:3.2.1"
testImplementation "com.opencsv:opencsv:5.8"
testImplementation "io.zonky.test:embedded-database-spring-test:2.3.0"
testImplementation "com.tngtech.archunit:archunit:1.1.0"
testImplementation "org.skyscreamer:jsonassert:1.5.1"

// Lightweight JSON library needed for the internals of the MockRestServiceServer
testImplementation "org.json:json:20230618"
testImplementation "org.json:json:20231013"
}

dependencyManagement {
18 changes: 9 additions & 9 deletions gradle.properties
Expand Up @@ -7,25 +7,25 @@ npm_version=9.6.0

# Dependency versions
jhipster_dependencies_version=7.9.3
spring_boot_version=2.7.16
spring_boot_version=2.7.17
spring_security_version=5.7.11
hibernate_version=5.6.15.Final
jaxb_runtime_version=4.0.3
hazelcast_version=5.3.2
jaxb_runtime_version=4.0.4
hazelcast_version=5.3.5
junit_version=5.10.0
mockito_version=5.5.0
fasterxml_version=2.15.2
mockito_version=5.6.0
fasterxml_version=2.15.3
jgit_version=6.7.0.202309050840-r
checkstyle_version=10.12.3
checkstyle_version=10.12.4
jplag_version=4.3.0
slf4j_version=1.7.36
sentry_version=6.29.0
sentry_version=6.32.0

# gradle plugin version
gradle_node_plugin_version=7.0.0
gradle_node_plugin_version=7.0.1
apt_plugin_version=0.21
liquibase_plugin_version=2.1.1
modernizer_plugin_version=1.8.0
modernizer_plugin_version=1.9.0

org.gradle.jvmargs=-Xmx1024m -XX:+HeapDumpOnOutOfMemoryError -Dfile.encoding=UTF-8 -Duser.country=US -Duser.language=en \
--add-exports jdk.compiler/com.sun.tools.javac.api=ALL-UNNAMED \
2 changes: 1 addition & 1 deletion gradle/liquibase.gradle
Expand Up @@ -5,7 +5,7 @@ configurations {
}

dependencies {
liquibase "org.liquibase.ext:liquibase-hibernate5:4.22.0"
liquibase "org.liquibase.ext:liquibase-hibernate5:4.24.0"
}

if (OperatingSystem.current().isWindows()) {
Expand Up @@ -23,7 +23,7 @@
@Configuration
public class PublicResourcesConfiguration implements WebMvcConfigurer {

@Autowired
@Autowired // ok
private JHipsterProperties jHipsterProperties;

@Override
Expand Up @@ -39,8 +39,13 @@ public static Optional<Lti13AgsClaim> from(OidcIdToken idToken) {
agsClaim.setScope(Collections.singletonList(Scopes.AGS_SCORE));
}

agsClaim.setLineItem(agsClaimJson.get("lineitem").getAsString());

JsonElement lineItem = agsClaimJson.get("lineitem");
if (lineItem != null) {
agsClaim.setLineItem(lineItem.getAsString());
}
else {
agsClaim.setLineItem(null);
}
return Optional.of(agsClaim);
}
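Review bot: The `lineItem != null` check covers a missing `lineitem` member but not one that is present with a JSON null or a non-string value. Assuming this is Gson's `JsonElement`, `getAsString()` throws on `JsonNull` and on objects, so a claim of that shape would still fail at this point instead of being treated as absent. `if (lineItem != null && lineItem.isJsonPrimitive())` would restrict the call to values that can actually be read as a string. The `else { agsClaim.setLineItem(null); }` branch looks redundant if `agsClaim` is freshly constructed, but its construction and the start of `from` are outside this hunk.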

@@ -1,13 +1,13 @@
package de.tum.in.www1.artemis.security.jwt;

import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
import java.util.stream.Collectors;

import javax.annotation.PostConstruct;
import javax.crypto.SecretKey;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
Expand All @@ -33,7 +33,7 @@ public class TokenProvider {

private static final String AUTHORITIES_KEY = "auth";

private Key key;
private SecretKey key;

private long tokenValidityInMilliseconds;

Expand Down Expand Up @@ -90,7 +90,7 @@ public String createToken(Authentication authentication, boolean rememberMe) {

long now = (new Date()).getTime();
Date validity = new Date(now + getTokenValidity(rememberMe));
return Jwts.builder().setSubject(authentication.getName()).claim(AUTHORITIES_KEY, authorities).signWith(key, SignatureAlgorithm.HS512).setExpiration(validity).compact();
return Jwts.builder().subject(authentication.getName()).claim(AUTHORITIES_KEY, authorities).signWith(key, Jwts.SIG.HS512).expiration(validity).compact();
}

/**
Expand Down Expand Up @@ -158,6 +158,11 @@ private boolean validateJwsToken(String authToken) {
}

private Claims parseClaims(String authToken) {
return Jwts.parserBuilder().setSigningKey(key).build().parseClaimsJws(authToken).getBody();
return Jwts.parser().verifyWith(key).build().parseSignedClaims(authToken).getPayload();
}

public Date getExpirationDate(String authToken) {
return parseClaims(authToken).getExpiration();
}

}
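Review bot: The new public `getExpirationDate` has no Javadoc, and its failure behaviour is not visible from the signature. It goes through `parseClaims`, which verifies the signature via `verifyWith(key)`, and jjwt reports a malformed, tampered or already expired token by throwing a `JwtException` subtype rather than returning a value. A short Javadoc should state that the token must be a validly signed, unexpired token issued with this key, that callers must otherwise handle the exception, and that the result is `null` when the token carries no `exp` claim. The class body starts outside these hunks, so how callers use the method cannot be checked here.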
Expand Up @@ -70,7 +70,7 @@ public class LearningPathRecommendationService {
* cdf(0.40), medium: cdf(0.85) - cdf(0.40), hard: 1 - cdf(0.85)}.
* Each array corresponds to the mean=idx/#distributions.
*/
private final static double[][] EXERCISE_DIFFICULTY_DISTRIBUTION_LUT = new double[][] { { 0.87, 0.12, 0.01 }, { 0.80, 0.18, 0.02 }, { 0.72, 0.25, 0.03 }, { 0.61, 0.33, 0.06 },
private static final double[][] EXERCISE_DIFFICULTY_DISTRIBUTION_LUT = new double[][] { { 0.87, 0.12, 0.01 }, { 0.80, 0.18, 0.02 }, { 0.72, 0.25, 0.03 }, { 0.61, 0.33, 0.06 },
{ 0.50, 0.40, 0.10 }, { 0.39, 0.45, 0.16 }, { 0.28, 0.48, 0.24 }, { 0.20, 0.47, 0.33 }, { 0.13, 0.43, 0.44 }, { 0.08, 0.37, 0.55 }, { 0.04, 0.29, 0.67 }, };

protected LearningPathRecommendationService(CompetencyRelationRepository competencyRelationRepository, LearningObjectService learningObjectService,
Expand Down Expand Up @@ -332,7 +332,7 @@ private static Optional<ZonedDateTime> getEarliestDueDate(Competency competency)
*/
private static double computePriorUtility(Competency competency, RecommendationState state) {
// return max utility if no prior competencies are present
if (state.priorCompetencies.get(competency.getId()).size() == 0) {
if (state.priorCompetencies.get(competency.getId()).isEmpty()) {
return PRIOR_UTILITY;
}
final double masteredPriorCompetencies = state.priorCompetencies.get(competency.getId()).stream()
Expand Down Expand Up @@ -589,7 +589,7 @@ private static double[] getExerciseDifficultyDistribution(double priorConfidence
return EXERCISE_DIFFICULTY_DISTRIBUTION_LUT[distributionIndex];
}

protected record RecommendationState(Map<Long, Competency> competencyIdMap, List<Long> recommendedOrderOfCompetencies, Set<Long> masteredCompetencies,
public record RecommendationState(Map<Long, Competency> competencyIdMap, List<Long> recommendedOrderOfCompetencies, Set<Long> masteredCompetencies,
Map<Long, Double> competencyMastery, Map<Long, Set<Long>> matchingClusters, Map<Long, Set<Long>> priorCompetencies, Map<Long, Long> extendsCompetencies,
Map<Long, Long> assumesCompetencies) {
}
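Review bot: `RecommendationState` is widened from `protected` to `public` in the last hunk of this section without a stated reason. The record has an empty body, so its accessors return the stored `Map`, `List` and `Set` instances by reference, and any code that can now reach the type can also mutate the recommendation state. If the wider visibility is only needed by a test or a tool, keeping the narrowest modifier that compiles is preferable; otherwise a one-line comment such as `// public because <reason>` above the record would document the decision. Whether the service itself relies on mutating these collections is not visible here, so defensive copies in a compact constructor should only be added after checking that.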
Expand Up @@ -27,7 +27,7 @@ public ResultListener() {
// Empty constructor for Spring
}

@Autowired
@Autowired // ok
public ResultListener(@Lazy InstanceMessageSendService instanceMessageSendService) {
this.instanceMessageSendService = instanceMessageSendService;
}
@@ -1,6 +1,9 @@
package de.tum.in.www1.artemis.web.rest.open;

import java.io.IOException;
import java.text.ParseException;
import java.time.Instant;
import java.util.Date;
import java.util.Optional;

import javax.servlet.http.HttpServletRequest;
Expand All @@ -19,6 +22,8 @@
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.util.UriComponentsBuilder;

import com.nimbusds.jwt.SignedJWT;

import de.tum.in.www1.artemis.domain.Course;
import de.tum.in.www1.artemis.domain.Exercise;
import de.tum.in.www1.artemis.domain.OnlineCourseConfiguration;
Expand All @@ -27,10 +32,7 @@
import de.tum.in.www1.artemis.security.annotations.EnforceNothing;
import de.tum.in.www1.artemis.service.connectors.lti.Lti10Service;
import de.tum.in.www1.artemis.web.rest.dto.LtiLaunchRequestDTO;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.MalformedJwtException;
import io.jsonwebtoken.security.SignatureException;
import io.jsonwebtoken.*;

/**
* REST controller for receiving LTI requests.
Expand Down Expand Up @@ -171,16 +173,15 @@ public void lti13LaunchRedirect(HttpServletRequest request, HttpServletResponse
* @return Whether the token is valid or not
*/
private boolean isValidJwtIgnoreSignature(String token) {
String strippedToken = token.substring(0, token.lastIndexOf(".") + 1);
try {
Jwts.parserBuilder().build().parse(strippedToken);
return true;
}
catch (SignatureException e) {
// We ignore the signature
SignedJWT parsedToken = SignedJWT.parse(token);
if (parsedToken.getJWTClaimsSet().getExpirationTime().before(Date.from(Instant.now()))) {
return false;
}
return true;
}
catch (ExpiredJwtException | MalformedJwtException | IllegalArgumentException e) {
catch (ParseException e) {
log.info("LTI request: JWT token is invalid: {}", token, e);
return false;
}
}
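Review bot: In `isValidJwtIgnoreSignature`, `getJWTClaimsSet().getExpirationTime()` returns null when the token has no `exp` claim, so `.before(...)` throws a NullPointerException that `catch (ParseException e)` does not cover. A token without an expiry should be rejected rather than surface as a server error: `Date expiration = parsedToken.getJWTClaimsSet().getExpirationTime();` followed by `return expiration != null && !expiration.before(new Date());`. The log call also writes the complete token at info level; it is a credential-bearing value, so `log.info("LTI request: JWT token is invalid", e);` keeps it out of the logs. The Javadoc of the method starts outside this hunk.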