Merge branch 'master' into 'dev'

bpm/bonita-web-server/src/main/java/org/bonitasoft/console/common/server/i18n/I18n.java

@@ -25,6 +25,7 @@
 
 import org.bonitasoft.web.toolkit.client.common.i18n.AbstractI18n;
 import org.bonitasoft.web.toolkit.client.common.texttemplate.Arg;
+import org.bonitasoft.web.toolkit.client.common.texttemplate.TextTemplate;
 import org.springframework.core.io.Resource;
 import org.springframework.core.io.support.PathMatchingResourcePatternResolver;
 import org.springframework.core.io.support.ResourcePatternResolver;
@@ -156,12 +157,10 @@ private static boolean localeExists(String locale, String application) {
     @Override
     protected String getText(String string) {
         return string;
-        //        throw new RuntimeException("On server side, we absolutely need to pass locale");
     }
 
     @Override
     protected String getText(String string, Arg... args) {
-        return string;
-        //        throw new RuntimeException("On server side, we absolutely need to pass locale");
+        return new TextTemplate(string).toString(args);
     }
 }

bpm/bonita-web-server/src/main/java/org/bonitasoft/console/common/server/login/filter/FrameSecurityFilter.java

@@ -44,15 +44,13 @@ public class FrameSecurityFilter extends ExcludingPatternFilter {
 
     protected static final String CONTENT_SECURITY_POLICY_HEADER_DEFAULT = "frame-ancestors 'self';";
 
-    protected static final String FRAME_FILTER_EXCLUDED_PAGES_PATTERN = "^/(bonita/)?(portal/resource/.+/content/$)|(portal/custom-page/.+/$)";
-
     protected String xFrameHeaderValue;
 
     protected String contentSecurityHeaderValue;
 
     @Override
     public String getDefaultExcludedPages() {
-        return FRAME_FILTER_EXCLUDED_PAGES_PATTERN;
+        return "";
     }
 
     @Override

bpm/bonita-web-server/src/main/java/org/bonitasoft/web/rest/model/application/ApplicationDefinition.java

@@ -16,6 +16,7 @@
 import org.bonitasoft.web.toolkit.client.data.item.Definitions;
 import org.bonitasoft.web.toolkit.client.data.item.ItemDefinition;
 import org.bonitasoft.web.toolkit.client.data.item.attribute.ItemAttribute;
+import org.bonitasoft.web.toolkit.client.data.item.attribute.validator.FileIsImageOrServletPathValidator;
 
 /**
  * @author Elias Ricken de Medeiros
@@ -45,7 +46,8 @@ protected void defineAttributes() {
         createAttribute(ApplicationItem.ATTRIBUTE_THEME_ID, ItemAttribute.TYPE.ITEM_ID);
         createAttribute(ApplicationItem.ATTRIBUTE_VERSION, ItemAttribute.TYPE.STRING);
         createAttribute(ApplicationItem.ATTRIBUTE_DESCRIPTION, ItemAttribute.TYPE.TEXT);
-        createAttribute(ApplicationItem.ATTRIBUTE_ICON, ItemAttribute.TYPE.IMAGE);
+        createAttribute(ApplicationItem.ATTRIBUTE_ICON, ItemAttribute.TYPE.STRING)
+                .addValidator(new FileIsImageOrServletPathValidator(ApplicationItem.ICON_PATH_API_PREFIX));
         createAttribute(ApplicationItem.ATTRIBUTE_CREATION_DATE, ItemAttribute.TYPE.STRING);
         createAttribute(ApplicationItem.ATTRIBUTE_CREATED_BY, ItemAttribute.TYPE.ITEM_ID);
         createAttribute(ApplicationItem.ATTRIBUTE_LAST_UPDATE_DATE, ItemAttribute.TYPE.STRING);

bpm/bonita-web-server/src/main/java/org/bonitasoft/web/rest/model/identity/GroupDefinition.java

@@ -13,9 +13,11 @@
  **/
 package org.bonitasoft.web.rest.model.identity;
 
+import org.bonitasoft.web.rest.server.datastore.organization.Avatars;
 import org.bonitasoft.web.toolkit.client.data.item.Definitions;
 import org.bonitasoft.web.toolkit.client.data.item.ItemDefinition;
 import org.bonitasoft.web.toolkit.client.data.item.attribute.ItemAttribute;
+import org.bonitasoft.web.toolkit.client.data.item.attribute.validator.FileIsImageOrServletPathValidator;
 
 /**
  * @author Yongtao Guo
@@ -60,7 +62,8 @@ protected void defineAttributes() {
         createAttribute(GroupItem.ATTRIBUTE_CREATION_DATE, ItemAttribute.TYPE.DATETIME);
         createAttribute(GroupItem.ATTRIBUTE_CREATED_BY_USER_ID, ItemAttribute.TYPE.STRING);
         createAttribute(GroupItem.ATTRIBUTE_LAST_UPDATE_DATE, ItemAttribute.TYPE.DATETIME);
-        createAttribute(GroupItem.ATTRIBUTE_ICON, ItemAttribute.TYPE.IMAGE);
+        createAttribute(GroupItem.ATTRIBUTE_ICON, ItemAttribute.TYPE.STRING)
+                .addValidator(new FileIsImageOrServletPathValidator(Avatars.PATH));
         createAttribute(GroupItem.ATTRIBUTE_PARENT_PATH, ItemAttribute.TYPE.STRING);
         createAttribute(GroupItem.ATTRIBUTE_PARENT_GROUP_ID, ItemAttribute.TYPE.STRING);
     }

bpm/bonita-web-server/src/main/java/org/bonitasoft/web/rest/model/identity/RoleDefinition.java

@@ -13,9 +13,11 @@
  **/
 package org.bonitasoft.web.rest.model.identity;
 
+import org.bonitasoft.web.rest.server.datastore.organization.Avatars;
 import org.bonitasoft.web.toolkit.client.data.item.Definitions;
 import org.bonitasoft.web.toolkit.client.data.item.ItemDefinition;
 import org.bonitasoft.web.toolkit.client.data.item.attribute.ItemAttribute;
+import org.bonitasoft.web.toolkit.client.data.item.attribute.validator.FileIsImageOrServletPathValidator;
 
 /**
  * @author Yongtao Guo
@@ -67,7 +69,8 @@ protected void defineAttributes() {
 
         createAttribute(RoleItem.ATTRIBUTE_LAST_UPDATE_DATE, ItemAttribute.TYPE.DATETIME);
 
-        createAttribute(RoleItem.ATTRIBUTE_ICON, ItemAttribute.TYPE.IMAGE);
+        createAttribute(RoleItem.ATTRIBUTE_ICON, ItemAttribute.TYPE.STRING)
+                .addValidator(new FileIsImageOrServletPathValidator(Avatars.PATH));
     }
 
     @Override

bpm/bonita-web-server/src/main/java/org/bonitasoft/web/rest/model/identity/UserDefinition.java

@@ -13,9 +13,11 @@
  **/
 package org.bonitasoft.web.rest.model.identity;
 
+import org.bonitasoft.web.rest.server.datastore.organization.Avatars;
 import org.bonitasoft.web.toolkit.client.data.item.Definitions;
 import org.bonitasoft.web.toolkit.client.data.item.ItemDefinition;
 import org.bonitasoft.web.toolkit.client.data.item.attribute.ItemAttribute;
+import org.bonitasoft.web.toolkit.client.data.item.attribute.validator.FileIsImageOrServletPathValidator;
 
 /**
  * User definition
@@ -60,7 +62,8 @@ protected void defineAttributes() {
                 .isMandatory();
         createAttribute(UserItem.ATTRIBUTE_LASTNAME, ItemAttribute.TYPE.STRING)
                 .isMandatory();
-        createAttribute(UserItem.ATTRIBUTE_ICON, ItemAttribute.TYPE.IMAGE);
+        createAttribute(UserItem.ATTRIBUTE_ICON, ItemAttribute.TYPE.STRING)
+                .addValidator(new FileIsImageOrServletPathValidator(Avatars.PATH));
         createAttribute(UserItem.ATTRIBUTE_USERNAME, ItemAttribute.TYPE.STRING)
                 .isMandatory();
         createAttribute(UserItem.ATTRIBUTE_PASSWORD, ItemAttribute.TYPE.PASSWORD);

bpm/bonita-web-server/src/main/java/org/bonitasoft/web/rest/model/portal/profile/ProfileDefinition.java

@@ -16,9 +16,11 @@
 import static org.bonitasoft.web.toolkit.client.data.item.template.ItemHasIcon.ATTRIBUTE_ICON;
 import static org.bonitasoft.web.toolkit.client.data.item.template.ItemHasUniqueId.ATTRIBUTE_ID;
 
+import org.bonitasoft.web.rest.server.datastore.organization.Avatars;
 import org.bonitasoft.web.toolkit.client.data.item.Definitions;
 import org.bonitasoft.web.toolkit.client.data.item.ItemDefinition;
 import org.bonitasoft.web.toolkit.client.data.item.attribute.ItemAttribute;
+import org.bonitasoft.web.toolkit.client.data.item.attribute.validator.FileIsImageOrServletPathValidator;
 
 /**
  * @author Julien Mege
@@ -64,7 +66,8 @@ protected void defineAttributes() {
 
         createAttribute(ProfileItem.ATTRIBUTE_DESCRIPTION, ItemAttribute.TYPE.TEXT);
 
-        createAttribute(ATTRIBUTE_ICON, ItemAttribute.TYPE.IMAGE);
+        createAttribute(ATTRIBUTE_ICON, ItemAttribute.TYPE.STRING)
+                .addValidator(new FileIsImageOrServletPathValidator(Avatars.PATH));
 
         createAttribute(ProfileItem.ATTRIBUTE_UPDATED_BY_USER_ID, ItemAttribute.TYPE.ITEM_ID);
 

bpm/bonita-web-server/src/main/java/org/bonitasoft/web/toolkit/client/data/item/attribute/validator/FileIsImageOrServletPathValidator.java

@@ -0,0 +1,49 @@
+/**
+ * Copyright (C) 2022 Bonitasoft S.A.
+ * Bonitasoft, 32 rue Gustave Eiffel - 38000 Grenoble
+ * This library is free software; you can redistribute it and/or modify it under the terms
+ * of the GNU Lesser General Public License as published by the Free Software Foundation
+ * version 2.1 of the License.
+ * This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
+ * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU Lesser General Public License for more details.
+ * You should have received a copy of the GNU Lesser General Public License along with this
+ * program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
+ * Floor, Boston, MA 02110-1301, USA.
+ **/
+package org.bonitasoft.web.toolkit.client.data.item.attribute.validator;
+
+import org.bonitasoft.web.toolkit.client.common.i18n.AbstractI18n;
+
+/**
+ * This validates that the attribute has either an image file extension or starts with a servlet path
+ *
+ * @author Dumitru Corini
+ * @author Anthony Birembaut
+ */
+public class FileIsImageOrServletPathValidator extends AbstractStringFormatValidator {
+
+    private static final String[] IMAGE_EXTENSIONS = { "png", "jpg", "jpeg", "bmp", "wbmp", "tga", "gif", "PNG", "JPG",
+            "JPEG", "BMP", "WBMP", "TGA", "GIF" };
+
+    public FileIsImageOrServletPathValidator(final String servletPath) {
+        super(makeRegexp(IMAGE_EXTENSIONS, servletPath));
+    }
+
+    private static String makeRegexp(final String[] extensions, final String servletPath) {
+        final StringBuilder sb = new StringBuilder();
+        for (final String extension : extensions) {
+            sb.append(extension).append("|");
+        }
+
+        String preparedServletPath = servletPath.replace(".", "\\.").replace("/", "\\/");
+
+        return "^" + preparedServletPath + "|\\.(" + sb.substring(0, sb.length() - 1) + ")$";
+    }
+
+    @Override
+    protected String defineErrorMessage() {
+        return AbstractI18n.t_("%attribute% file format not allowed or not starting with correct servlet path");
+    }
+
+}

bpm/bonita-web-server/src/main/webapp/WEB-INF/web.xml

@@ -42,11 +42,11 @@
             <param-value>frame-ancestors 'self';</param-value>
         </init-param>
         <!--
-            The excludePattern default value is the one commented out bellow, but you can uncomment it and add new patterns if you need to
+            There is no default excludePattern for this filter, but you can uncomment it and add one if you need to
         -->
         <!-- init-param>
             <param-name>excludePattern</param-name>
-            <param-value>^/(bonita/)?(portal/resource/.+/content/$)|(portal/custom-page/.+/$)</param-value>
+            <param-value></param-value>
         </init-param -->
     </filter>
     <filter>