Merge branch 'release'

.gitlab-ci/Jobs/php_unit_tests.yml

@@ -22,12 +22,13 @@
     DATASOURCES_TEST_PASSWORD: $MYSQL_PASSWORD
     DATASOURCES_TEST_HOST: 127.0.0.1
   before_script:
+    - mysql --version
     - mysql -h $DATASOURCES_DEFAULT_HOST -u root -p$MYSQL_ROOT_PASSWORD -e "ALTER USER '$DATASOURCES_TEST_USERNAME'@'%' identified by '$DATASOURCES_TEST_PASSWORD';" mysql
     - mysql -h $DATASOURCES_DEFAULT_HOST -u root -p$MYSQL_ROOT_PASSWORD -e "GRANT ALL ON *.* to $DATASOURCES_TEST_USERNAME;" mysql
 
 .postgres-template:
   services:
-    - postgres:12.2-alpine
+    - postgres:12.2-alpine # should be DATABASE_ENGINE_VERSION
   # Postgres services variables
   variables:
     POSTGRES_DB: test
@@ -61,6 +62,15 @@
     - docker-php-ext-enable pdo_pgsql
     - printf "postgres:5432:test:user:testing-password" > ~/.pgpass
     - chmod 0600 ~/.pgpass
+# TO BE REPLACED WITH
+#  before_script:
+#    - apt-get update
+#    - apt-get install libpq-dev postgresql-client -yqq
+#    - docker-php-ext-install pdo_pgsql
+#    # official way to provide password to psql: http://www.postgresql.org/docs/9.3/static/libpq-envars.html
+#    - export PGPASSWORD=$POSTGRES_PASSWORD
+#    - psql -h "postgres" -U "$POSTGRES_USER" -d "$POSTGRES_DB" -c "SELECT 'OK' AS status;"
+#    - psql -h "postgres" -U "$POSTGRES_USER" -d "$POSTGRES_DB" -c "SELECT 'OK' AS status;"
 
 .test-template:
   stage: unit-test
@@ -72,103 +82,189 @@
     APP_FULL_BASE_URL: http://127.0.0.1
     PASSBOLT_REGISTRATION_PUBLIC: 1
     PASSBOLT_SELENIUM_ACTIVE: 1
-    PASSBOLT_PLUGINS_JWT_AUTHENTICATION_ENABLED: 1 # Remove that line once JWT is enabled by default
     # This is the development dummy fingerprint
     PASSBOLT_GPG_SERVER_KEY_FINGERPRINT: 2FC8945833C51946E937F9FED47B0811573EE67E
     PHPUNIT_COMMAND: vendor/bin/phpunit --log-junit unitreport.xml
   image: $CI_REGISTRY_IMAGE_TEST:$PHP_VERSION
   script:
     - cp config/app.default.php config/app.php
-    - composer install --dev --no-interaction
+    - composer install --no-interaction
     - gpg --import config/gpg/unsecure_private.key
     - gpg --import config/gpg/unsecure.key
-    - ./bin/cake passbolt create_jwt_keys -q
+    - ./bin/cake passbolt create_jwt_keys
     - $PHPUNIT_COMMAND
-  only:
-    - branches
   artifacts:
     reports:
       junit: unitreport.xml
-  except:
-    variables:
-      - $CI_COMMIT_MESSAGE =~ /skip-unit/
+  rules:
+    - if: '$CI_COMMIT_MESSAGE !~ /skip-unit/'
 
+##
+## CUSTOM COMBINATIONS
+##
+php7.4-mysql5.7:
+  variables:
+    PHP_VERSION: "7.4"
+    DATABASE_ENGINE_VERSION: "mysql:5.7"
+  extends:
+    - .mysql-template
+    - .test-template
+  rules:
+    - if: '$TEST_DISABLED == null'
+
+# TO BE REMOVED
+php7.4-postgres:
+  variables:
+    PHP_VERSION: "7.4"
+  extends:
+    - .postgres-template
+    - .test-template
+
+#php7.4-postgres12.11:
+#  variables:
+#    PHP_VERSION: "7.4"
+#    DATABASE_ENGINE_VERSION: "postgres:12.11"
+#  extends:
+#    - .postgres-template
+#    - .test-template
+#  rules:
+#    - if: '$TEST_DISABLED == null'
+
+##
+## DEBIAN COMBINATIONS
+##
+## DEBIAN 10 BUSTER
+php7.3-mariadb10.3:
+  variables:
+    PHP_VERSION: "7.3"
+    DATABASE_ENGINE_VERSION: "mariadb:10.3"
+  extends:
+    - .mysql-template
+    - .test-template
+  rules:
+    - if: '$TEST_DISABLED == null'
 
+#php7.4-postgres11.16:
+#  variables:
+#    PHP_VERSION: "7.4"
+#    DATABASE_ENGINE_VERSION: "postgres:11.16"
+#  extends:
+#    - .postgres-template
+#    - .test-template
+#  rules:
+#    - if: '$TEST_DISABLED == null'
+
+## DEBIAN 11 BULLSEYE
 php7.4-mariadb10.5:
   variables:
     PHP_VERSION: "7.4"
     DATABASE_ENGINE_VERSION: "mariadb:10.5"
   extends:
     - .mysql-template
     - .test-template
-  except:
-    variables:
-      - $TEST_DISABLED
-  only:
-    - develop
-    - master
-
-php7.4-mariadb10.4:
+  rules:
+    - if: '$TEST_DISABLED == null && $CI_COMMIT_BRANCH == "master"'
+    - if: '$TEST_DISABLED == null && $CI_COMMIT_BRANCH == "develop"'
+
+#php7.4-postgres13.7:
+#  variables:
+#    PHP_VERSION: "7.4"
+#    DATABASE_ENGINE_VERSION: "postgres:13.7"
+#  extends:
+#    - .postgres-template
+#    - .test-template
+#  rules:
+#    - if: '$TEST_DISABLED == null && $CI_COMMIT_BRANCH == "master"'
+#    - if: '$TEST_DISABLED == null && $CI_COMMIT_BRANCH == "develop"'
+
+## UBUNTU 20.04 LTS FOCAL
+php7.4-mysql8:
   variables:
     PHP_VERSION: "7.4"
-    DATABASE_ENGINE_VERSION: "mariadb:10.4"
+    DATABASE_ENGINE_VERSION: "mysql:8.0"
   extends:
     - .mysql-template
     - .test-template
-  except:
-    variables:
-      - $TEST_DISABLED
-  only:
-    - develop
-    - master
-
-php7.3-mariadb10.4:
+  rules:
+    - if: '$TEST_DISABLED == null'
+
+#php7.4-postgres12.11:
+#  variables:
+#    PHP_VERSION: "7.4"
+#    DATABASE_ENGINE_VERSION: "postgres:12.11"
+#  extends:
+#    - .postgres-template
+#    - .test-template
+#  rules:
+#    - if: '$TEST_DISABLED == null'
+
+## UBUNTU 22.04 LTS JAMMY
+php8.1-mysql8:
   variables:
-    PHP_VERSION: "7.3"
-    DATABASE_ENGINE_VERSION: "mariadb:10.4"
+    PHP_VERSION: "8.1"
+    DATABASE_ENGINE_VERSION: "mysql:8.0"
   extends:
     - .mysql-template
     - .test-template
-  except:
-    variables:
-      - $TEST_DISABLED
-  only:
-    - develop
-    - master
+  rules:
+    - if: '$TEST_DISABLED == null'
 
+#php8.1-postgres14.3:
+#  variables:
+#    PHP_VERSION: "8.1"
+#    DATABASE_ENGINE_VERSION: "postgres:14.3"
+#  extends:
+#    - .postgres-template
+#    - .test-template
+#  rules:
+#    - if: '$TEST_DISABLED == null'
+
+##
+## RPM COMBINATIONS
+##
+## CENTOS 7 - with remi and mariadb repos
 php7.4-mariadb10.3:
   variables:
     PHP_VERSION: "7.4"
     DATABASE_ENGINE_VERSION: "mariadb:10.3"
   extends:
     - .mysql-template
     - .test-template
+  rules:
+    - if: '$TEST_DISABLED == null && $CI_COMMIT_BRANCH == "master"'
+    - if: '$TEST_DISABLED == null && $CI_COMMIT_BRANCH == "develop"'
 
-php7.3-mysql5.7:
+## ROCKY LINUX 8.6
+php8.0-mariadb10.5:
   variables:
-    PHP_VERSION: "7.3"
-    DATABASE_ENGINE_VERSION: "mysql:5.7"
+    PHP_VERSION: "8.0"
+    DATABASE_ENGINE_VERSION: "mariadb:10.5"
   extends:
     - .mysql-template
     - .test-template
+  rules:
+    - if: '$TEST_DISABLED == null && $CI_COMMIT_BRANCH == "master"'
+    - if: '$TEST_DISABLED == null && $CI_COMMIT_BRANCH == "develop"'
 
-php7.4-mysql8:
+## RHEL 9
+php8.0-mariadb8.0:
   variables:
-    PHP_VERSION: "7.4"
+    PHP_VERSION: "8.0"
     DATABASE_ENGINE_VERSION: "mysql:8.0"
   extends:
     - .mysql-template
     - .test-template
-  except:
-    variables:
-      - $TEST_DISABLED
-  only:
-    - develop
-    - master
+  rules:
+    - if: '$TEST_DISABLED == null && $CI_COMMIT_BRANCH == "master"'
+    - if: '$TEST_DISABLED == null && $CI_COMMIT_BRANCH == "develop"'
 
-php7.4-postgres:
-  variables:
-    PHP_VERSION: "7.4"
-  extends:
-    - .postgres-template
-    - .test-template
+#php8.0-postgres13.7:
+#  variables:
+#    PHP_VERSION: "8.0"
+#    DATABASE_ENGINE_VERSION: "postgres:13.7"
+#  extends:
+#    - .postgres-template
+#    - .test-template
+#  rules:
+#    - if: '$TEST_DISABLED == null && $CI_COMMIT_BRANCH == "master"'
+#    - if: '$TEST_DISABLED == null && $CI_COMMIT_BRANCH == "develop"'

.gitlab-ci/Jobs/rpm_package_build.yml

@@ -52,7 +52,7 @@
 build-yum:
   extends: .build-rpm
   variables:
-    DEPENDENCIES: "rpmdevtools rpmlint rsync selinux-policy-devel rpm-build bc createrepo firewalld"
+    DEPENDENCIES: "rpmdevtools rpmlint rsync selinux-policy-devel rpm-build bc createrepo_c firewalld"
   script:
     - PKG_VERSION=0.3 /bin/sh rpm/scripts/build-passbolt-selinux.sh
     - *install-jq-rhel-8
@@ -62,7 +62,7 @@ build-yum-7:
   extends: .build-rpm
   image: centos:7
   variables:
-    DEPENDENCIES: "rpmdevtools rpmlint rsync selinux-policy-devel rpm-build bc createrepo firewalld"
+    DEPENDENCIES: "rpmdevtools rpmlint rsync selinux-policy-devel rpm-build bc createrepo_c firewalld"
   script:
     - PKG_VERSION=0.3 /bin/sh rpm/scripts/build-passbolt-selinux.sh
     - *install-jq-rhel-7
@@ -71,7 +71,7 @@ build-yum-7:
 build-suse:
   extends: .build-zypper
   variables:
-    DEPENDENCIES: "rpmdevtools rpmlint rsync selinux-policy-devel rpm-build bc createrepo firewalld"
+    DEPENDENCIES: "rpmdevtools rpmlint rsync selinux-policy-devel rpm-build bc createrepo_c firewalld"
   script:
     - zypper install -y rpmdevtools rpmlint rsync rpm-build bc jq
     - *build-passbolt-rpm-package
@@ -99,12 +99,12 @@ build-suse:
   - echo "%_gpg_name $GPG_KEY_ID" >> ~/.rpmmacros
 
 .publish-script: &publish-script |
-  yum install -y createrepo rpm-sign
+  yum install -y createrepo_c rpm-sign
   mkdir -p $COMPONENT/$PACKAGE_ARCH
   [ $COMPONENT == "testing" ] && rm -f $COMPONENT/$PACKAGE_ARCH/*rpm
   cp passbolt-*.rpm $COMPONENT/$PACKAGE_ARCH
   rpm --resign $COMPONENT/$PACKAGE_ARCH/*rpm
-  createrepo --update $COMPONENT
+  createrepo_c --update $COMPONENT
   echo "$(kms_decrypt $GPG_PASS | base64 -d)" | gpg --batch --yes --passphrase-fd 0 --detach-sign --armor $COMPONENT/repodata/repomd.xml
   google-cloud-sdk/bin/gsutil -m rsync -r -d $COMPONENT "gs://$REPO"
   google-cloud-sdk/bin/gsutil -m setmeta -r -h "Content-Type:text/html" \

.gitlab-ci/Jobs/style_check.yml

@@ -14,10 +14,20 @@
 check-style-strict:
   extends: .cs-check
   allow_failure: false
-  only:
-    - common
+  rules:
+    - if: '$TEST_DISABLED == null && $CI_COMMIT_BRANCH == "common"'
+      when: on_success
+    - if: '$TEST_DISABLED == null && $CI_COMMIT_BRANCH == "develop"'
+      when: on_success
+    - if: '$TEST_DISABLED == null && $CI_COMMIT_BRANCH == "master"'
+      when: on_success
 
 check-style:
   extends: .cs-check
-  except:
-    - common
+  rules:
+    - if: '$TEST_DISABLED == null && $CI_COMMIT_BRANCH != "common"'
+      when: on_success
+    - if: '$TEST_DISABLED == null && $CI_COMMIT_BRANCH != "develop"'
+      when: on_success
+    - if: '$TEST_DISABLED == null && $CI_COMMIT_BRANCH != "master"'
+      when: on_success

CHANGELOG.md

@@ -2,6 +2,44 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+## [3.7.0] - 2022-07-28
+### Added
+PB-17098 Add rockylinux 9 support
+PB-16751 Add Redhat 9 support
+PB-16749 Add Ubuntu 22.04 support
+PB-16950 Add Spanish and Lithuanian support
+PB-14514 Add PHP8.0 support
+PB-14514 Fix PHP8.1 compatibility issues
+PB-16161 Create action log endpoint for user CRUD
+PB-16844 Common part of the user recovery and setup audit log
+
+### Security
+PB-17068 PBL-07-002 Fix key algorithm validation should be set to strict on setup
+PB-17068 Fix OpenPGP unarmor should use base64_decode in strict mode
+PB-17068 SEC-1292 Fix unsafe default recipient email address (Credit: Ashley Primo)
+
+### Fixed
+PB-16705 As group manager updating group memberships I should not get a timeout
+PB-16949 As group manager deleting a group user the operation should not be slowed down by the folders plugin
+PB-16705 As a group manager updating group memberships I should not get a timeout due to a plugin integration
+PB-17068 Fix GroupsUsersValidatorTest psr-4 autoloading warning
+PB-17007 As AD performing a cleanup of the missing folders relations I should not get a timeout
+PB-16749 Fix jobs to reuse last job artifact instead of rebuilding it everytime
+PB-16877 Fixes ClearMfaCookieOnSetupAndRecover for controllers without User component
+PB-16666 GITHUB-432 Fix healthcheck style
+
+### Maintenance
+PB-17009 Replace createrepo by createrepo_c
+PB-16956 Misc Fixture Factories refactoring
+PB-16956 Modernize folders plugin bootstrap, add src/Plugin.php file
+PB-16806 UacAwareMiddleware trait now return UAC exclusively. More typing in UAC object.
+PB-16161 Renames ambiguous testing traits
+PB-16161Add and enhance log related factories
+PB-16791 Upgrade webinstaller openpgpjs to v5
+PB-14514 Update to composer v2.2 + Fix CI jobs
+PB-16657 Remove mariadb dependency
+PB-16161 Refactor to split folder, resource and user related logic in respective classes
+
 ## [3.6.0]
 ### Improved
 - PB-9739 OpenPGP key and message validation refactoring
@@ -932,7 +970,9 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 - AP: User with plugin installed
 - AD: Admin
 
-[Unreleased]: https://github.com/passbolt/passbolt_api/compare/v3.5.0...HEAD
+[Unreleased]: https://github.com/passbolt/passbolt_api/compare/v3.6.0...HEAD
+[3.7.0]: https://github.com/passbolt/passbolt_api/compare/v3.6.0...v3.7.0
+[3.6.0]: https://github.com/passbolt/passbolt_api/compare/v3.5.0...v3.6.0
 [3.5.0]: https://github.com/passbolt/passbolt_api/compare/v3.4.0...v3.5.0
 [3.4.0]: https://github.com/passbolt/passbolt_api/compare/v3.3.1...v3.4.0
 [3.3.1]: https://github.com/passbolt/passbolt_api/compare/v3.3.0...v3.3.1