Merge branch 'release' into 'master'

v4.9.1

See merge request passbolt/passbolt-ce-api!305

Author: cedricalfonsi

.github/workflows/release.yaml

@@ -9,9 +9,11 @@ jobs:
     build:
         name: Create release
         runs-on: ubuntu-latest
+        permissions:
+            contents: write
         steps:
-            - uses: actions/checkout@v3
-            - env:
-                  GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
-              name: Create Release
+            - uses: actions/checkout@v4
+            - name: Create Release
+              env:
+                  GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
               run: gh release create "${GITHUB_REF#refs/*/}" -t "$(grep name config/version.php | awk -F "'" '{print $4}')" --notes-file RELEASE_NOTES.md

.github/workflows/release_candidate.yaml

@@ -9,9 +9,11 @@ jobs:
     build:
         name: Create release candidate
         runs-on: ubuntu-latest
+        permissions:
+            contents: write
         steps:
-            - uses: actions/checkout@v3
-            - env:
-                  GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
-              name: Create Release candidate
+            - uses: actions/checkout@v4
+            - name: Create Release candidate
+              env:
+                  GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
               run: gh release create "${GITHUB_REF#refs/*/}" -t "$(grep name config/version.php | awk -F "'" '{print $4}')" -p --notes-file RELEASE_NOTES.md

.gitlab-ci/jobs/php_unit_tests/sequential/php_unit_tests.yml

@@ -263,10 +263,10 @@ seq-php8.0-mariadb8.0:
 #    - if: '$TEST_DISABLED == null && $CI_COMMIT_BRANCH == "master"'
 #    - if: '$TEST_DISABLED == null && $CI_COMMIT_BRANCH == "develop"'
 
-seq-php8.3-mysql8:
+seq-php8.3-mariadb10.5:
   variables:
     PHP_VERSION: "8.3"
-    DATABASE_ENGINE_VERSION: "${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/mysql:8.0"
+    DATABASE_ENGINE_VERSION: "${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/mariadb:10.5"
   extends:
     - .mysql-template
     - .test-template

CHANGELOG.md

@@ -2,6 +2,34 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+## [4.9.1] - 2024-08-13
+### Fixed
+- PB-34220 As a user I can search by users and groups case insensitively on PostgreSQL
+
+### Improved
+- PB-34246 As an administrator purging the action logs table, I can set a limit option (100k per default)
+- PB-34247 Adds a set of actions to be purged by the passbolt action_logs_purge command
+- PB-33939 As an administrator when running bin/cake passbolt -h, I should see all the passbolt commands listed
+
+### Maintenance
+- PB-32991 Optimizes CI pipeline run time on api repositories
+- PB-34219 Adds validation to retention days option in the action_logs_purge command
+- PB-33333 Refactor various tests to use fixture factories
+
+## [4.9.1-test.1] - 2024-08-12
+### Fixed
+- PB-34220 As a user I can search by users and groups case insensitively on PostgreSQL
+
+### Improved
+- PB-34246 As an administrator purging the action logs table, I can set a limit option (100k per default)
+- PB-34247 Adds a set of actions to be purged by the passbolt action_logs_purge command
+- PB-33939 As an administrator when running bin/cake passbolt -h, I should see all the passbolt commands listed
+
+### Maintenance
+- PB-32991 Optimizes CI pipeline run time on api repositories
+- PB-34219 Adds validation to retention days option in the action_logs_purge command
+- PB-33333 Refactor various tests to use fixture factories
+
 ## [4.9.0] - 2024-07-23
 ### Added
 - PB-33690 Improves response times by adding an index to gpgkeys.user_id column

RELEASE_NOTES.md

@@ -1,31 +1,25 @@
-Release song: https://youtu.be/zUzd9KyIDrM?si=bPS9Qu1t351eZEHH
+Release song: https://www.youtube.com/watch?v=W8PTWqE2SVw
 
-Passbolt v4.9.0 is a significant update that addresses long-standing user requests and enhances performance. In this release, a highly requested feature was introduced where the passwords workspace now displays the location of resources. This addition provides extra meta information to help users efficiently identify passwords and where they are located. Additionally, the search functionality has been improved to use resource locations as meta information. Users can now retrieve a resource by using the names of its parent folders, which can greatly simplify the process of finding passwords depending on your organisation's classification system.
+Passbolt is pleased to announce the immediate availability of version v4.9.1.
 
-The team has also focused on various performance improvements to meet the growing needs of organisations managing an increasing number of passwords. These enhancements also prepare the way for the upcoming v5.0.0, which will support more content types and include an additional encryption layer. Both the API and the browser extension have been optimised, resulting in a 50% improvement in retrieving and treating collections of resources, according to our benchmarks.
+Passbolt v4.9.1 is a maintenance update that fixes issues reported by the community.
+Among other fixes, this version addresses a compatibility issue with the PostgreSQL database, where users encountered
+difficulties sharing passwords with users or groups when different cases were involved in their names.
 
-## [4.9.0] - 2024-07-23
-### Added
-- PB-33690 Improves response times by adding an index to gpgkeys.user_id column
-- PB-33639 Adds additional contain parameters to share/search-aros.json for enhanced performance
-- PB-33936 Adds a has-users filter to gpgkeys.json index endpoint
-- PB-33813 Adds a fixed limit to the search-aros.json endpoint
+Additionally, system administrator tools have been improved to better handle the purge of action logs on large datasets.
 
+We would like to express our appreciation to the community for their assistance in improving Passbolt!
+
+## [4.9.1] - 2024-08-13
 ### Fixed
-- PB-33616 As a user creating a resource I should get a validation error if the secret is a string and not an array
-- PB-33664 Fix missing "is" in the database schema up to date sentence (GITHUB #517)
+- PB-34220 As a user I can search by users and groups case insensitively on PostgreSQL
 
 ### Improved
-- PB-33429 As a user I should retrieve resources and folders parent folders in a single query
-- PB-33826 Improves the performance of resources.json by improving the datetime fields processing
-- PB-24995 Improves last_logged_in property query performance to reduce response time of users.json endpoint
-- PB-33653 Improves is_mfa_enabled property query performance to reduce response time of users.json endpoint
-- PB-33702 Improves has-access filter performance on users.json
-- PB-32591 Validate passbolt.plugins.smtpSettings.security configuration values before passing it to SMTP server
-- PB-33214 Update sql export / improve mysql backup command compatibility with mariadb-dump
+- PB-34246 As an administrator purging the action logs table, I can set a limit option (100k per default)
+- PB-34247 Adds a set of actions to be purged by the passbolt action_logs_purge command
+- PB-33939 As an administrator when running bin/cake passbolt -h, I should see all the passbolt commands listed
 
 ### Maintenance
-- PB-33692 Bump enygma/yubikey to v3.8
-
-### Security
-- PB-33747 Fix command injections vulnerabilities in composer/composer package
+- PB-32991 Optimizes CI pipeline run time on api repositories
+- PB-34219 Adds validation to retention days option in the action_logs_purge command
+- PB-33333 Refactor various tests to use fixture factories

config/version.php

@@ -1,8 +1,8 @@
 <?php
 return [
     'passbolt' => [
-        'version' => '4.9.0',
-        'name' => 'B.Y.O.B.',
+        'version' => '4.9.1',
+        'name' => 'Rebelion',
     ],
     'php' => [
         'minVersion' => '7.4',

plugins/PassboltCe/EmailDigest/src/Command/PreviewCommand.php

@@ -33,13 +33,21 @@ class PreviewCommand extends PassboltCommand
      */
     public const EMAIL_SEPARATOR = '------------------------';
 
+    /**
+     * @inheritDoc
+     */
+    public static function getCommandDescription(): string
+    {
+        return __('Preview a batch of queued emails as emails digests.');
+    }
+
     /**
      * @inheritDoc
      */
     public function buildOptionParser(ConsoleOptionParser $parser): ConsoleOptionParser
     {
+        $parser = parent::buildOptionParser($parser);
         $parser
-            ->setDescription(__('Preview a batch of queued emails as emails digests.'))
             ->addOption('limit', [
                 'short' => 'l',
                 'help' => __('How many emails should be in this batch?'),

plugins/PassboltCe/EmailDigest/src/Command/SenderCommand.php

@@ -27,13 +27,21 @@
 
 class SenderCommand extends PassboltCommand
 {
+    /**
+     * @inheritDoc
+     */
+    public static function getCommandDescription(): string
+    {
+        return __('Sends a batch of queued emails as emails digests.');
+    }
+
     /**
      * @inheritDoc
      */
     public function buildOptionParser(ConsoleOptionParser $parser): ConsoleOptionParser
     {
+        $parser = parent::buildOptionParser($parser);
         $parser
-            ->setDescription(__('Sends a batch of queued emails as emails digests.'))
             ->addOption('limit', [
                 'short' => 'l',
                 'help' => __('How many emails should be sent in this batch?'),

plugins/PassboltCe/Folders/src/Model/Traits/Folders/FoldersFindersTrait.php

@@ -19,6 +19,7 @@
 
 use App\Model\Table\AvatarsTable;
 use App\Model\Table\PermissionsTable;
+use App\Model\Traits\Query\CaseInsensitiveSearchQueryTrait;
 use Cake\Database\Expression\IdentifierExpression;
 use Cake\ORM\Query;
 use Cake\Validation\Validation;
@@ -34,6 +35,8 @@
  */
 trait FoldersFindersTrait
 {
+    use CaseInsensitiveSearchQueryTrait;
+
     /**
      * Build the query that fetches data for folders index
      *
@@ -206,17 +209,16 @@ public function filterByIds(Query $query, array $folderIds)
      * $query = $Folders->find();
      * $Groups->_filterQueryBySearch($query, 'creative');
      *
-     * Should filter all the groups with a name containing creative.
+     * Should filter all the folders with a name containing creative.
+     * Search should be case-insensitive
      *
      * @param \Cake\ORM\Query $query Query to filter
      * @param string $name Name to filter
      * @return \Cake\ORM\Query
      */
-    public function filterQueryBySearch(Query $query, string $name)
+    public function filterQueryBySearch(Query $query, string $name): Query
     {
-        return $query->where([
-            ['Folders.name LIKE' => '%' . $name . '%'],
-        ]);
+        return $this->searchCaseInsensitiveOnField($query, 'Folders.name', $name);
     }
 
     /**

plugins/PassboltCe/Folders/tests/TestCase/Controller/Folders/FoldersIndexControllerFactoriesTest.php

@@ -0,0 +1,43 @@
+<?php
+declare(strict_types=1);
+
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         4.9.1
+ */
+
+namespace Passbolt\Folders\Test\TestCase\Controller\Folders;
+
+use Passbolt\Folders\Test\Factory\FolderFactory;
+use Passbolt\Folders\Test\Lib\FoldersIntegrationTestCase;
+
+/**
+ * @uses \Passbolt\Folders\Controller\Folders\FoldersIndexController
+ */
+class FoldersIndexControllerFactoriesTest extends FoldersIntegrationTestCase
+{
+    public function testFoldersIndexController_FilterBySearchSuccess()
+    {
+        $user = $this->logInAsUser();
+        FolderFactory::make(['foo', 'FOO', 'bar'])->withPermissionsFor([$user])->persist();
+
+        $this->getJson('/folders.json?filter[search]=O');
+        $this->assertSuccess();
+        $this->assertEquals(2, count($this->_responseJsonBody));
+        $this->assertNotContains('bar', $this->_responseJsonBody);
+
+        $this->getJson('/folders.json?filter[search]=o');
+        $this->assertSuccess();
+        $this->assertEquals(2, count($this->_responseJsonBody));
+        $this->assertNotContains('bar', $this->_responseJsonBody);
+    }
+}

plugins/PassboltCe/Folders/tests/TestCase/Controller/Folders/FoldersIndexControllerTest.php

@@ -32,7 +32,6 @@
 use App\Test\Lib\Model\GroupsUsersModelTrait;
 use App\Test\Lib\Model\PermissionsModelTrait;
 use App\Utility\UuidFactory;
-use Cake\Core\Configure;
 use Cake\Utility\Hash;
 use Passbolt\Folders\Test\Lib\FoldersIntegrationTestCase;
 use Passbolt\Folders\Test\Lib\Model\FoldersModelTrait;
@@ -63,57 +62,6 @@ class FoldersIndexControllerTest extends FoldersIntegrationTestCase
         GroupsFixture::class,
     ];
 
-    public function setUp(): void
-    {
-        parent::setUp();
-        Configure::write('passbolt.plugins.folders', ['enabled' => true]);
-    }
-
-    private function insertFixtureCase1()
-    {
-        // Ada has access to folder Lovelace and Something as a OWNER
-        // Lovelace (Ada:O)   Something (Ada:O)
-        $userId = UuidFactory::uuid('user.id.ada');
-        $folderA = $this->addFolderFor(['name' => 'Lovelace'], [$userId => Permission::OWNER]);
-        $this->addFolderFor(['name' => 'Something', 'folder_parent_id' => $folderA->id], [$userId => Permission::OWNER]);
-    }
-
-    /**
-     * @return void
-     */
-    public function testFoldersIndexFilterBySearchSuccess()
-    {
-        $this->insertFixtureCase1();
-
-        $this->authenticateAs('ada');
-
-        $this->getJson('/folders.json?api-version=2&filter[search]=Love');
-        $this->assertSuccess();
-        $this->assertEquals(count($this->_responseJsonBody), 1);
-        $this->assertEquals($this->_responseJsonBody[0]->name, 'Lovelace');
-        $this->assertNotContains('Something', $this->_responseJsonBody);
-
-        $this->getJson('/folders.json?api-version=2&filter[search]=ovela');
-        $this->assertSuccess();
-        $this->assertEquals(count($this->_responseJsonBody), 1);
-        $this->assertEquals($this->_responseJsonBody[0]->name, 'Lovelace');
-        $this->assertNotContains('Something', $this->_responseJsonBody);
-
-        $this->getJson('/folders.json?api-version=2&filter[search]=ace');
-        $this->assertSuccess();
-        $this->assertEquals(count($this->_responseJsonBody), 1);
-        $this->assertEquals($this->_responseJsonBody[0]->name, 'Lovelace');
-        $this->assertNotContains('Something', $this->_responseJsonBody);
-
-        $this->getJson('/folders.json?api-version=2&filter[search]=Lovelace');
-        $this->assertSuccess();
-        $this->assertEquals(count($this->_responseJsonBody), 1);
-        $this->assertEquals($this->_responseJsonBody[0]->name, 'Lovelace');
-        $this->assertNotContains('Something', $this->_responseJsonBody);
-
-        $this->assertSuccess();
-    }
-
     private function insertFixtureCase2()
     {
         // Ada has access to folder Lovelace and Something as a OWNER

plugins/PassboltCe/Folders/tests/TestCase/Model/Table/Folders/FoldersTableTest.php

@@ -265,6 +265,7 @@ public function testFindIndex_FilterBySearch()
             'SpecialName', // Ending Partial Match,
             'Folder', // Starting Partial Match,
             'WithSpecial', // Middle Partial Match
+            'folderwithspecialname', // Lower case
         ];
 
         foreach ($matchingNames as $matchingName) {

plugins/PassboltCe/JwtAuthentication/src/Command/CreateAccessTokenCommand.php

@@ -44,13 +44,21 @@ public function initialize(): void
         $this->Users = $this->fetchTable('Users');
     }
 
+    /**
+     * @inheritDoc
+     */
+    public static function getCommandDescription(): string
+    {
+        return __('Create a JSON Web Token.');
+    }
+
     /**
      * @inheritDoc
      */
     public function buildOptionParser(ConsoleOptionParser $parser): ConsoleOptionParser
     {
+        $parser = parent::buildOptionParser($parser);
         $parser
-            ->setDescription(__('Create a JSON Web Token.'))
             ->addOption('username', [
                 'help' => 'The username to create a user for.',
                 'short' => 'u',

plugins/PassboltCe/JwtAuthentication/src/Command/CreateJwtKeysCommand.php

@@ -25,13 +25,22 @@
 
 class CreateJwtKeysCommand extends PassboltCommand
 {
+    /**
+     * @inheritDoc
+     */
+    public static function getCommandDescription(): string
+    {
+        return __('Create a JWT key pair.');
+    }
+
     /**
      * @inheritDoc
      */
     public function buildOptionParser(ConsoleOptionParser $parser): ConsoleOptionParser
     {
+        $parser = parent::buildOptionParser($parser);
+
         $parser
-            ->setDescription(__('Create a JWT key pair.'))
             ->addOption('force', [
                 'help' => 'Override the key files if found.',
                 'default' => 'false',