Synchronize ufal and dataquest main branches (#939)

* remove duplicate dependency element with identical content (warnings in build)

(cherry picked from commit 59cee27)

* Issue 1165: Handle PaginantionException in Clarin licences search requests (ufal#1184)

* Issue 1165: Handle PaginantionException in Clarin licences search requests

* resolve MR comments

---------

Co-authored-by: Milan Kuchtiak <mkuchtiak@Milans-MacBook-Pro.local>
(cherry picked from commit 1778714)

* Issue 1055: fixed security issue for downloading file with non anonymous license (ufal#1188)

* Issue 1055: fixed security issue for downloading file with a license that requires authenticated user, also change ClarinLicense confirmation type from Integer to Enum (this reqired some refactoring)

* fixed failing tests

* add unit test for not authenticated user trying to get token for licence not allowed for anonymous user

* inmprove unit test

* resolve MR comments

* typo: backwards compatibility -> backward compatibility

---------

Co-authored-by: Milan Kuchtiak <mkuchtiak@Milans-MacBook-Pro.local>
(cherry picked from commit 53e88cb)

* Issue 1186: catch DSpaceBadRequestException rather than BadRequestException (ufal#1187)

* Issue 1186: catch DSpaceBadRequestException rather than BadRequestException

* resolve test failures

* improve javadoc

* resolve MR comment

---------

Co-authored-by: Milan Kuchtiak <mkuchtiak@Milans-MacBook-Pro.local>
Co-authored-by: Ondřej Košarko <kosarko@ufal.mff.cuni.cz>
(cherry picked from commit 77fc4b0)

* Issue ufal#1190 - fixed Server error  (ufal#1193)

* Issue 1190: fixed internal server error, when context.commit() was called multiple times in search request

* Issue 1190: fixed internal server error, when context.commit() was called multiple times in search request

* unnecessary whitespace

* update unit test

* small improvements

---------

Co-authored-by: Milan Kuchtiak <mkuchtiak@Milans-MacBook-Pro.local>
(cherry picked from commit 6638293)

* Shortref v7 (ufal#1194)

* Anonymous users should be able to use shortener

* Update possible only with a valid token

* updated handle returned with usable token

additional cleanup - magicurl is an implementation detail and should not
be serialized

* checkstyle

* createHandle would throw ConstraintViolation

update the tests to use shortener.handle.prefix
handle validation - subprefix has a default, should not be required

* test blacklist/whitelist

checkstyle and license

* Address PR review comments

doc + default

(cherry picked from commit 2e3bd80)

* Pull request review comment

use a recent version of commons-lang

* Shortener blacklist test

- provide more guidance in the config file
- change the default to match lindat prod

---------

Co-authored-by: Øyvind Gjesdal <oyvind.gjesdal@uib.no>
Co-authored-by: kuchtiak-ufal <kuchtiak@ufal.mff.cuni.cz>

Author: 3 people

dspace-api/pom.xml

@@ -859,23 +859,6 @@
             </exclusions>
         </dependency>
 
-        <dependency>
-            <groupId>io.findify</groupId>
-            <artifactId>s3mock_2.13</artifactId>
-            <version>0.2.6</version>
-            <scope>test</scope>
-            <exclusions>
-                <exclusion>
-                    <groupId>com.amazonawsl</groupId>
-                    <artifactId>aws-java-sdk-s3</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>com.amazonaws</groupId>
-                    <artifactId>aws-java-sdk-s3</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-    
     </dependencies>
 
     <dependencyManagement>

dspace-api/src/main/java/org/dspace/authorize/AuthorizationBitstreamUtils.java

@@ -7,6 +7,8 @@
  */
 package org.dspace.authorize;
 
+import static org.dspace.content.clarin.ClarinLicense.Confirmation;
+
 import java.sql.SQLException;
 import java.util.List;
 import java.util.Objects;
@@ -117,10 +119,10 @@ public boolean authorizeLicenseWithUser(Context context, UUID bitstreamID) throw
 
         // Bitstream should have only one type of the Clarin license, so we could get first record
         ClarinLicense clarinLicense = Objects.requireNonNull(clarinLicenseResourceMappings.get(0)).getLicense();
-        // 3 - Allow download for anonymous users, but with license confirmation
-        // 0 - License confirmation is not required
-        if (Objects.equals(clarinLicense.getConfirmation(), 3) ||
-                Objects.equals(clarinLicense.getConfirmation(), 0)) {
+        // ALLOW_ANONYMOUS - Allow download for anonymous users, but with license confirmation
+        // NOT_REQUIRED - License confirmation is not required
+        if ((clarinLicense.getConfirmation() == Confirmation.ALLOW_ANONYMOUS) ||
+                (clarinLicense.getConfirmation() == Confirmation.NOT_REQUIRED)) {
             return true;
         }
         return false;

dspace-api/src/main/java/org/dspace/content/clarin/ClarinLicense.java

@@ -16,6 +16,8 @@
 import javax.persistence.CascadeType;
 import javax.persistence.Column;
 import javax.persistence.Entity;
+import javax.persistence.EnumType;
+import javax.persistence.Enumerated;
 import javax.persistence.FetchType;
 import javax.persistence.GeneratedValue;
 import javax.persistence.GenerationType;
@@ -83,7 +85,8 @@ public class ClarinLicense implements ReloadableEntity<Integer> {
     private String definition = null;
 
     @Column(name = "confirmation")
-    private Integer confirmation = 0;
+    @Enumerated(EnumType.ORDINAL)
+    private Confirmation confirmation = Confirmation.NOT_REQUIRED;
 
     @Column(name = "required_info")
     private String requiredInfo = null;
@@ -111,11 +114,11 @@ public void setDefinition(String definition) {
         this.definition = definition;
     }
 
-    public Integer getConfirmation() {
-        return confirmation;
+    public Confirmation getConfirmation() {
+        return confirmation == null ? Confirmation.NOT_REQUIRED : confirmation;
     }
 
-    public void setConfirmation(Integer confirmation) {
+    public void setConfirmation(Confirmation confirmation) {
         this.confirmation = confirmation;
     }
 
@@ -191,4 +194,29 @@ public ClarinUserRegistration getEperson() {
     public void setEperson(ClarinUserRegistration eperson) {
         this.eperson = eperson;
     }
+
+    public enum Confirmation {
+
+        // if new Confirmation value is needed, add it to the end of this list, to not break the backward compatibility
+        NOT_REQUIRED(0), ASK_ONLY_ONCE(1), ASK_ALWAYS(2), ALLOW_ANONYMOUS(3);
+
+        private final int value;
+
+        Confirmation(int value) {
+            this.value = value;
+        }
+
+        public int getValue() {
+            return value;
+        }
+
+        public static Confirmation getConfirmation(int value) {
+            return Arrays.stream(values())
+                    .filter(v -> (v.getValue() == value))
+                    .findFirst()
+                    .orElseThrow(() ->
+                            new IllegalArgumentException("No license confirmation found for value: " + value));
+        }
+
+    }
 }

dspace-api/src/main/java/org/dspace/content/clarin/ClarinLicenseResourceMappingServiceImpl.java

@@ -7,6 +7,8 @@
  */
 package org.dspace.content.clarin;
 
+import static org.dspace.content.clarin.ClarinLicense.Confirmation;
+
 import java.sql.SQLException;
 import java.util.ArrayList;
 import java.util.List;
@@ -203,23 +205,23 @@ public ClarinLicense getLicenseToAgree(Context context, UUID userId, UUID resour
         }
 
         // Confirmation states:
-        // 0 - Not required
-        // 1 - Ask only once
-        // 2 - Ask always
-        // 3 - Allow anonymous
-        if (Objects.equals(clarinLicenseToAgree.getConfirmation(), 0)) {
+        // NOT_REQUIRED
+        // ASK_ONLY_ONCE
+        // ASK_ALWAYS
+        // ALLOW_ANONYMOUS
+        if (clarinLicenseToAgree.getConfirmation() == Confirmation.NOT_REQUIRED) {
             return null;
         }
 
         switch (clarinLicenseToAgree.getConfirmation()) {
-            case 1:
+            case ASK_ONLY_ONCE:
                 // Ask only once - check if the clarin license required info is filled in by the user
                 if (userFilledInRequiredInfo(context, clarinLicenseResourceMapping, userId)) {
                     return null;
                 }
                 return clarinLicenseToAgree;
-            case 2:
-            case 3:
+            case ASK_ALWAYS:
+            case ALLOW_ANONYMOUS:
                 return clarinLicenseToAgree;
             default:
                 return null;

dspace-api/src/main/java/org/dspace/handle/HandleClarinServiceImpl.java

@@ -337,6 +337,11 @@ public DSpaceObject resolveToObject(Context context, String handle) throws Illeg
                 + Constants.typeText[handleTypeId]);
     }
 
+    @Override
+    public int count(Context context) throws SQLException {
+        return handleDAO.countRows(context);
+    }
+
     /**
      * Create id for handle object.
      *
@@ -457,6 +462,21 @@ public Handle createHandle(Context context, String handleStr) throws SQLExceptio
         return handle;
     }
 
+    @Override
+    public Handle findByHandleAndMagicToken(Context context, String handle, String token) throws SQLException {
+        Handle h = findByHandle(context, handle);
+        if (Objects.isNull(h) || Objects.isNull(h.getUrl()) || !h.getUrl().contains(MAGIC_BEAN)) {
+            return null;
+        }
+        org.dspace.handle.external.Handle magicHandle =
+                new org.dspace.handle.external.Handle(h.getHandle(), h.getUrl());
+        if (magicHandle.token.equals(token)) {
+            return h;
+        } else {
+            return null;
+        }
+    }
+
     /**
      * Strips the part identifier from the handle
      *

dspace-api/src/main/java/org/dspace/handle/external/Handle.java

@@ -87,20 +87,20 @@ public Handle(String handle, String magicURL) {
     }
 
     /**
-     * From the attributes generate the url with `@magicLindat` string
+     * Generate new token and combine the properties into the url with `@magicLindat` string
      * @return url with the `@magicLindat` string
      */
-    public String getMagicUrl() {
-        return this.getMagicUrl(this.title, this.submitdate, this.reportemail, this.datasetName, this.datasetVersion,
+    public String generateMagicUrl() {
+        return generateMagicUrl(this.title, this.submitdate, this.reportemail, this.datasetName, this.datasetVersion,
                 this.query, this.url);
     }
 
     /**
-     * From the attributes generate the url with `@magicLindat` string
+     * Generate new token and combine the params into the url with `@magicLindat` string
      * @return url with the `@magicLindat` string
      */
-    public String getMagicUrl(String title, String submitdate, String reportemail, String datasetName,
-                              String datasetVersion, String query, String url) {
+    private static String generateMagicUrl(String title, String submitdate, String reportemail, String datasetName,
+                                          String datasetVersion, String query, String url) {
         String magicURL = "";
         String token = UUID.randomUUID().toString();
         String[] magicURLProps = new String[] {title, HandlePlugin.getRepositoryName(), submitdate, reportemail,

dspace-api/src/main/java/org/dspace/handle/service/HandleClarinService.java

@@ -156,6 +156,14 @@ public void update(Context context, Handle handleObject, String newHandle,
      */
     public DSpaceObject resolveToObject(Context context, String handle) throws IllegalStateException, SQLException;
 
+    /**
+     * Return the number of entries in the handle table.
+     * @param context
+     * @return number of rows in the handle table
+     * @throws SQLException
+     */
+    int count(Context context) throws SQLException;
+
     /**
      * Create the external handles from the list of handles with magic URL
      *
@@ -226,4 +234,15 @@ public void update(Context context, Handle handleObject, String newHandle,
      * @throws AuthorizeException if authorization error
      */
     public Handle createHandle(Context context, String handle) throws SQLException, AuthorizeException;
+
+    /**
+     * Returns a handle entity matching the provided `prefix/suffix` but only when the "magic url"
+     * contains the provided token.
+     * @param context
+     * @param handle prefix/suffix
+     * @param token the automatically generated part of the magic URL
+     * @return Handle entity or null (if the handle is not found or the "magic url" does not contain the provided token)
+     * @throws SQLException
+     */
+    Handle findByHandleAndMagicToken(Context context, String handle, String token) throws SQLException;
 }

dspace-api/src/test/java/org/dspace/content/BundleClarinTest.java

@@ -7,6 +7,7 @@
  */
 package org.dspace.content;
 
+import static org.dspace.content.clarin.ClarinLicense.Confirmation;
 import static org.dspace.core.Constants.CONTENT_BUNDLE_NAME;
 import static org.hamcrest.CoreMatchers.equalTo;
 import static org.hamcrest.CoreMatchers.instanceOf;
@@ -119,7 +120,7 @@ public void init() {
             this.clarinLicense.setLicenseLabels(cllSet);
             this.clarinLicense.setName(LICENSE_NAME);
             this.clarinLicense.setDefinition(LICENSE_URI);
-            this.clarinLicense.setConfirmation(0);
+            this.clarinLicense.setConfirmation(Confirmation.NOT_REQUIRED);
             this.clarinLicenseService.update(context, this.clarinLicense);
 
             // initialize second clarin license and clarin license label
@@ -139,7 +140,7 @@ public void init() {
             this.secondClarinLicense.setLicenseLabels(secondCllSet);
             this.secondClarinLicense.setName("wrong name");
             this.secondClarinLicense.setDefinition("wrong uri");
-            this.secondClarinLicense.setConfirmation(0);
+            this.secondClarinLicense.setConfirmation(Confirmation.NOT_REQUIRED);
             this.clarinLicenseService.update(context, this.secondClarinLicense);
 
             //we need to commit the changes, so we don't block the table for testing

dspace-server-webapp/pom.xml

@@ -290,12 +290,6 @@
             <version>${spring-boot.version}</version>
         </dependency>
 
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-actuator</artifactId>
-            <version>${spring-boot.version}</version>
-        </dependency>
-
         <dependency>
             <groupId>com.flipkart.zjsonpatch</groupId>
             <artifactId>zjsonpatch</artifactId>

dspace-server-webapp/src/main/java/org/dspace/app/rest/ItemAddBundleController.java

@@ -16,11 +16,11 @@
 import java.util.UUID;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import javax.ws.rs.BadRequestException;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
 import org.dspace.app.rest.converter.ConverterService;
 import org.dspace.app.rest.converter.MetadataConverter;
+import org.dspace.app.rest.exception.DSpaceBadRequestException;
 import org.dspace.app.rest.exception.UnprocessableEntityException;
 import org.dspace.app.rest.model.BundleRest;
 import org.dspace.app.rest.model.ItemRest;
@@ -156,7 +156,7 @@ public ItemRest updateLicenseForBundle(@PathVariable UUID uuid,
             throws SQLException, AuthorizeException {
         Context context = ContextUtil.obtainContext(request);
         if (Objects.isNull(context)) {
-            throw new BadRequestException("No context found for current user");
+            throw new DSpaceBadRequestException("No context found for current user");
         }
         Item item = itemService.find(context, uuid);