Merge branch 'main' into update-extension-names-in-conditionals

quarkusio · Aug 13, 2024 · 9c7b4df · 9c7b4df
2 parents cba058f + 64f0196
commit 9c7b4df
Show file tree

Hide file tree

Showing 14 changed files with 179 additions and 29 deletions.
diff --git a/.github/quarkus-github-bot.yml b/.github/quarkus-github-bot.yml
@@ -45,13 +45,9 @@ triage:
       directories:
         - extensions/amazon-lambda
         - integration-tests/amazon-lambda
-    - id: persistence
-      labels: [area/persistence]
-      title: "persistence"
-      directories:
-        - extensions/jdbc/
     - id: db2
-      labels: [area/persistence]
+      # There's no label for DB2, and JDBC/reactive-clients are handled elsewhere.
+      labels: []
       title: "db2"
       notify: [mswatosh]
       directories:
@@ -109,7 +105,7 @@ triage:
         - devtools/platform-descriptor-json/src/main/resources/codestarts/
         - devtools/platform-descriptor-json/src/main/resources/templates/
     - id: hibernate-reactive
-      labels: [area/hibernate-reactive, area/persistence]
+      labels: [area/hibernate-reactive]
       title: "hibernate.reactive"
       expression: |
         matches("hibernate", title) && matches("reactive", title)
@@ -119,7 +115,7 @@ triage:
       directories:
         - extensions/hibernate-reactive
     - id: hibernate-orm
-      labels: [area/hibernate-orm, area/persistence]
+      labels: [area/hibernate-orm]
       expression: |
         matches("hibernate", title) && !matches("reactive", title)
         && !matches("hibernate.validator", title)
@@ -732,6 +728,12 @@ triage:
       labels: [area/devservices]
       title: "dev.?services?"
       notify: [stuartwdouglas, geoand]
+    - id: jdbc
+      labels: [area/jdbc]
+      title: "jdbc"
+      notify: [barreiro,yrodiere]
+      directories:
+        - extensions/jdbc/
     - id: reactive-sql-clients
       labels: [area/reactive-sql-clients]
       title: "(reactive sql|reactive pool|pgpool|mysqlpool|db2pool)"

diff --git a/.github/quarkus-github-lottery.yml b/.github/quarkus-github-lottery.yml
@@ -28,7 +28,7 @@ participants:
       days: ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY"]
       maxIssues: 3
     maintenance:
-      labels: ["area/hibernate-orm", "area/hibernate-search", "area/elasticsearch"]
+      labels: ["area/hibernate-orm", "area/hibernate-search", "area/elasticsearch", "area/jdbc"]
       days: ["WEDNESDAY"]
       feedback:
         needed:

diff --git a/bom/application/pom.xml b/bom/application/pom.xml
@@ -119,7 +119,7 @@
         <httpasync.version>4.1.5</httpasync.version>
         <cronutils.version>9.2.1</cronutils.version>
         <quartz.version>2.3.2</quartz.version>
-        <h2.version>2.3.230</h2.version> <!-- When updating, needs to be matched in io.quarkus.hibernate.orm.runtime.config.DialectVersions -->
+        <h2.version>2.3.232</h2.version> <!-- When updating, needs to be matched in io.quarkus.hibernate.orm.runtime.config.DialectVersions -->
         <postgresql-jdbc.version>42.7.3</postgresql-jdbc.version>
         <mariadb-jdbc.version>3.4.1</mariadb-jdbc.version>
         <mysql-jdbc.version>8.3.0</mysql-jdbc.version>

diff --git a/core/processor/src/main/java/io/quarkus/annotation/processor/util/ElementUtil.java b/core/processor/src/main/java/io/quarkus/annotation/processor/util/ElementUtil.java
@@ -117,13 +117,12 @@ public boolean isAnnotationPresent(Element element, String... annotationNames) {
      */
     public boolean isLocalClass(TypeElement clazz) {
         try {
-            TypeElement topLevelClass = clazz;
-            if (clazz.getNestingKind().isNested()) {
-                topLevelClass = (TypeElement) clazz.getEnclosingElement();
+            while (clazz.getNestingKind().isNested()) {
+                clazz = (TypeElement) clazz.getEnclosingElement();
             }
 
             processingEnv.getFiler().getResource(StandardLocation.SOURCE_PATH, "",
-                    topLevelClass.getQualifiedName().toString().replace('.', '/') + ".java");
+                    clazz.getQualifiedName().toString().replace('.', '/') + ".java");
             return true;
         } catch (Exception e) {
             return false;

diff --git a/...te-orm/runtime/src/main/java/io/quarkus/hibernate/orm/runtime/config/DialectVersions.java b/...te-orm/runtime/src/main/java/io/quarkus/hibernate/orm/runtime/config/DialectVersions.java
@@ -23,7 +23,7 @@ public static final class Defaults {
 
         // This must be aligned on the H2 version in the Quarkus BOM
         // This must never be removed
-        public static final String H2 = "2.3.230";
+        public static final String H2 = "2.3.232";
 
         private Defaults() {
         }

diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcIdentityProvider.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcIdentityProvider.java
@@ -477,7 +477,7 @@ private Uni<TokenVerificationResult> verifyTokenUni(Map<String, Object> requestD
                                 resolvedContext.oidcConfig.token.isSubjectRequired(), nonce));
             } catch (Throwable t) {
                 if (t.getCause() instanceof UnresolvableKeyException) {
-                    LOG.debug("No matching JWK key is found, refreshing and repeating the verification");
+                    LOG.debug("No matching JWK key is found, refreshing and repeating the token verification");
                     return refreshJwksAndVerifyTokenUni(resolvedContext, token, enforceAudienceVerification,
                             resolvedContext.oidcConfig.token.isSubjectRequired(), nonce);
                 } else {

diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcProvider.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcProvider.java
@@ -41,6 +41,7 @@
 import io.quarkus.oidc.UserInfo;
 import io.quarkus.oidc.common.runtime.OidcCommonUtils;
 import io.quarkus.oidc.common.runtime.OidcConstants;
+import io.quarkus.oidc.runtime.OidcProviderClient.UserInfoResponse;
 import io.quarkus.security.AuthenticationFailedException;
 import io.quarkus.security.credential.TokenCredential;
 import io.smallrye.jwt.algorithm.SignatureAlgorithm;
@@ -65,6 +66,7 @@ public class OidcProvider implements Closeable {
             AlgorithmConstraints.ConstraintType.PERMIT, ASYMMETRIC_SUPPORTED_ALGORITHMS);
     private static final AlgorithmConstraints SYMMETRIC_ALGORITHM_CONSTRAINTS = new AlgorithmConstraints(
             AlgorithmConstraints.ConstraintType.PERMIT, SignatureAlgorithm.HS256.getAlgorithm());
+    private static final String APPLICATION_JWT_CONTENT_TYPE = "application/jwt";
     static final String ANY_ISSUER = "any";
 
     private final List<Validator> customValidators;
@@ -407,7 +409,40 @@ private static final long now() {
     }
 
     public Uni<UserInfo> getUserInfo(String accessToken) {
-        return client.getUserInfo(accessToken);
+        return client.getUserInfo(accessToken).onItem()
+                .transformToUni(new Function<UserInfoResponse, Uni<? extends UserInfo>>() {
+
+                    @Override
+                    public Uni<UserInfo> apply(UserInfoResponse response) {
+                        if (APPLICATION_JWT_CONTENT_TYPE.equals(response.contentType())) {
+                            if (oidcConfig.jwks.resolveEarly) {
+                                try {
+                                    LOG.debugf("Verifying the signed UserInfo with the local JWK keys: %s", response.data());
+                                    return Uni.createFrom().item(
+                                            new UserInfo(
+                                                    verifyJwtToken(response.data(), true, false, null).localVerificationResult
+                                                            .encode()));
+                                } catch (Throwable t) {
+                                    if (t.getCause() instanceof UnresolvableKeyException) {
+                                        LOG.debug(
+                                                "No matching JWK key is found, refreshing and repeating the signed UserInfo verification");
+                                        return refreshJwksAndVerifyJwtToken(response.data(), true, false, null)
+                                                .onItem().transform(v -> new UserInfo(v.localVerificationResult.encode()));
+                                    } else {
+                                        LOG.debugf("Signed UserInfo verification has failed: %s", t.getMessage());
+                                        return Uni.createFrom().failure(t);
+                                    }
+                                }
+                            } else {
+                                return getKeyResolverAndVerifyJwtToken(new TokenCredential(response.data(), "userinfo"), true,
+                                        false, null, true)
+                                        .onItem().transform(v -> new UserInfo(v.localVerificationResult.encode()));
+                            }
+                        } else {
+                            return Uni.createFrom().item(new UserInfo(response.data()));
+                        }
+                    }
+                });
     }
 
     public Uni<AuthorizationCodeTokens> getCodeFlowTokens(String code, String redirectUri, String codeVerifier) {

diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcProviderClient.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcProviderClient.java
@@ -15,7 +15,6 @@
 import io.quarkus.oidc.OidcConfigurationMetadata;
 import io.quarkus.oidc.OidcTenantConfig;
 import io.quarkus.oidc.TokenIntrospection;
-import io.quarkus.oidc.UserInfo;
 import io.quarkus.oidc.common.OidcEndpoint;
 import io.quarkus.oidc.common.OidcRequestContextProperties;
 import io.quarkus.oidc.common.OidcRequestFilter;
@@ -36,7 +35,6 @@
 public class OidcProviderClient implements Closeable {
     private static final Logger LOG = Logger.getLogger(OidcProviderClient.class);
 
-    private static final String TENANT_ID_ATTRIBUTE = "oidc-tenant-id";
     private static final String AUTHORIZATION_HEADER = String.valueOf(HttpHeaders.AUTHORIZATION);
     private static final String CONTENT_TYPE_HEADER = String.valueOf(HttpHeaders.CONTENT_TYPE);
     private static final String ACCEPT_HEADER = String.valueOf(HttpHeaders.ACCEPT);
@@ -93,7 +91,7 @@ public Uni<JsonWebKeySet> getJsonWebKeySet(OidcRequestContextProperties contextP
                 .transform(resp -> getJsonWebKeySet(resp));
     }
 
-    public Uni<UserInfo> getUserInfo(String token) {
+    public Uni<UserInfoResponse> getUserInfo(String token) {
         LOG.debugf("Get UserInfo on: %s auth: %s", metadata.getUserInfoUri(), OidcConstants.BEARER_SCHEME + " " + token);
         return OidcCommonUtils
                 .sendRequest(vertx,
@@ -221,8 +219,8 @@ private AuthorizationCodeTokens getAuthorizationCodeTokens(HttpResponse<Buffer>
         return new AuthorizationCodeTokens(idToken, accessToken, refreshToken, tokenExpiresIn);
     }
 
-    private UserInfo getUserInfo(HttpResponse<Buffer> resp) {
-        return new UserInfo(getString(metadata.getUserInfoUri(), resp));
+    private UserInfoResponse getUserInfo(HttpResponse<Buffer> resp) {
+        return new UserInfoResponse(resp.getHeader(CONTENT_TYPE_HEADER), getString(metadata.getUserInfoUri(), resp));
     }
 
     private TokenIntrospection getTokenIntrospection(HttpResponse<Buffer> resp) {
@@ -290,4 +288,7 @@ public Vertx getVertx() {
     public WebClient getWebClient() {
         return client;
     }
+
+    static record UserInfoResponse(String contentType, String data) {
+    };
 }
diff --git a/integration-tests/jpa-h2-embedded/src/main/java/io/quarkus/it/jpa/h2/DialectEndpoint.java b/integration-tests/jpa-h2-embedded/src/main/java/io/quarkus/it/jpa/h2/DialectEndpoint.java
@@ -1,6 +1,9 @@
 package io.quarkus.it.jpa.h2;
 
 import java.io.IOException;
+import java.sql.SQLException;
+
+import javax.sql.DataSource;
 
 import jakarta.inject.Inject;
 import jakarta.ws.rs.GET;
@@ -13,16 +16,27 @@
 
 import io.quarkus.hibernate.orm.runtime.config.DialectVersions;
 
-@Path("/dialect/version")
+@Path("/dialect/")
 @Produces(MediaType.TEXT_PLAIN)
 public class DialectEndpoint {
     @Inject
     SessionFactory sessionFactory;
+    @Inject
+    DataSource dataSource;
 
     @GET
-    public String test() throws IOException {
+    @Path("version")
+    public String version() throws IOException {
         var version = sessionFactory.unwrap(SessionFactoryImplementor.class).getJdbcServices().getDialect().getVersion();
         return DialectVersions.toString(version);
     }
 
+    @GET
+    @Path("actual-db-version")
+    public String actualDbVersion() throws IOException, SQLException {
+        try (var conn = dataSource.getConnection()) {
+            return conn.getMetaData().getDatabaseProductVersion();
+        }
+    }
+
 }
diff --git a/integration-tests/jpa-h2-embedded/src/test/java/io/quarkus/it/jpa/h2/DialectTest.java b/integration-tests/jpa-h2-embedded/src/test/java/io/quarkus/it/jpa/h2/DialectTest.java
@@ -15,12 +15,23 @@
 public class DialectTest {
 
     /**
-     * This is important to avoid https://github.com/quarkusio/quarkus/issues/1886
+     * This is important for backwards compatibility reasons:
+     * we want to keep using at least the same version as before by default.
      */
     @Test
     public void version() {
         String version = RestAssured.when().get("/dialect/version").then().extract().body().asString();
         assertThat(version).startsWith(DialectVersions.Defaults.H2);
     }
 
+    /**
+     * This is important to avoid https://github.com/quarkusio/quarkus/issues/1886
+     */
+    @Test
+    public void actualDbVersion() {
+        String version = RestAssured.when().get("/dialect/actual-db-version").then().extract().body().asString();
+        // Can't use "equal" as the returned string includes trailing information (build date, ...)
+        assertThat(version).startsWith(DialectVersions.Defaults.H2);
+    }
+
 }
diff --git a/integration-tests/jpa-h2/src/main/java/io/quarkus/it/jpa/h2/DialectEndpoint.java b/integration-tests/jpa-h2/src/main/java/io/quarkus/it/jpa/h2/DialectEndpoint.java
@@ -1,6 +1,9 @@
 package io.quarkus.it.jpa.h2;
 
 import java.io.IOException;
+import java.sql.SQLException;
+
+import javax.sql.DataSource;
 
 import jakarta.inject.Inject;
 import jakarta.ws.rs.GET;
@@ -13,16 +16,27 @@
 
 import io.quarkus.hibernate.orm.runtime.config.DialectVersions;
 
-@Path("/dialect/version")
+@Path("/dialect/")
 @Produces(MediaType.TEXT_PLAIN)
 public class DialectEndpoint {
     @Inject
     SessionFactory sessionFactory;
+    @Inject
+    DataSource dataSource;
 
     @GET
-    public String test() throws IOException {
+    @Path("version")
+    public String version() throws IOException {
         var version = sessionFactory.unwrap(SessionFactoryImplementor.class).getJdbcServices().getDialect().getVersion();
         return DialectVersions.toString(version);
     }
 
+    @GET
+    @Path("actual-db-version")
+    public String actualDbVersion() throws IOException, SQLException {
+        try (var conn = dataSource.getConnection()) {
+            return conn.getMetaData().getDatabaseProductVersion();
+        }
+    }
+
 }
diff --git a/integration-tests/jpa-h2/src/test/java/io/quarkus/it/jpa/h2/DialectTest.java b/integration-tests/jpa-h2/src/test/java/io/quarkus/it/jpa/h2/DialectTest.java
@@ -15,12 +15,23 @@
 public class DialectTest {
 
     /**
-     * This is important to avoid https://github.com/quarkusio/quarkus/issues/1886
+     * This is important for backwards compatibility reasons:
+     * we want to keep using at least the same version as before by default.
      */
     @Test
     public void version() {
         String version = RestAssured.when().get("/dialect/version").then().extract().body().asString();
         assertThat(version).startsWith(DialectVersions.Defaults.H2);
     }
 
+    /**
+     * This is important to avoid https://github.com/quarkusio/quarkus/issues/1886
+     */
+    @Test
+    public void actualDbVersion() {
+        String version = RestAssured.when().get("/dialect/actual-db-version").then().extract().body().asString();
+        // Can't use "equal" as the returned string includes trailing information (build date, ...)
+        assertThat(version).startsWith(DialectVersions.Defaults.H2);
+    }
+
 }
diff --git a/integration-tests/oidc-wiremock/src/main/resources/application.properties b/integration-tests/oidc-wiremock/src/main/resources/application.properties
@@ -123,7 +123,7 @@ quarkus.oidc.code-flow-user-info-github-cached-in-idtoken.application-type=hybri
 quarkus.oidc.code-flow-user-info-github-cached-in-idtoken.auth-server-url=${keycloak.url}/realms/quarkus/
 quarkus.oidc.code-flow-user-info-github-cached-in-idtoken.authorization-path=/
 quarkus.oidc.code-flow-user-info-github-cached-in-idtoken.token-path=access_token_refreshed
-quarkus.oidc.code-flow-user-info-github-cached-in-idtoken.user-info-path=protocol/openid-connect/userinfo
+quarkus.oidc.code-flow-user-info-github-cached-in-idtoken.user-info-path=protocol/openid-connect/signeduserinfo
 quarkus.oidc.code-flow-user-info-github-cached-in-idtoken.jwks-path=${keycloak.url}/realms/quarkus/protocol/openid-connect/certs
 quarkus.oidc.code-flow-user-info-github-cached-in-idtoken.code-grant.extra-params.extra-param=extra-param-value
 quarkus.oidc.code-flow-user-info-github-cached-in-idtoken.code-grant.headers.X-Custom=XCustomHeaderValue
@@ -233,6 +233,8 @@ quarkus.log.category."io.quarkus.oidc.runtime.OidcProvider".min-level=TRACE
 quarkus.log.category."io.quarkus.oidc.runtime.OidcProvider".level=TRACE
 quarkus.log.category."io.quarkus.oidc.runtime.OidcProviderClient".min-level=TRACE
 quarkus.log.category."io.quarkus.oidc.runtime.OidcProviderClient".level=TRACE
+quarkus.log.file.enable=true
+quarkus.log.file.format=%C - %s%n
 
 quarkus.http.auth.permission.logout.paths=/code-flow/logout
 quarkus.http.auth.permission.logout.policy=authenticated