Merge pull request #913 from DependencyTrack/port-customizable-login-…

…page Port : customizable login page
DependencyTrack · Sep 18, 2024 · 8a83c7f · 8a83c7f
2 parents 3ab9f3b + 2f87416
commit 8a83c7f
Show file tree

Hide file tree

Showing 3 changed files with 152 additions and 79 deletions.
diff --git a/src/main/java/org/dependencytrack/model/ConfigPropertyConstants.java b/src/main/java/org/dependencytrack/model/ConfigPropertyConstants.java
@@ -107,14 +107,17 @@ public enum ConfigPropertyConstants {
     CUSTOM_RISK_SCORE_HIGH("risk-score", "weight.high", "5", PropertyType.INTEGER, "High severity vulnerability weight (between 1-10)", ConfigPropertyAccessMode.READ_WRITE),
     CUSTOM_RISK_SCORE_MEDIUM("risk-score", "weight.medium", "3", PropertyType.INTEGER, "Medium severity vulnerability weight (between 1-10)", ConfigPropertyAccessMode.READ_WRITE),
     CUSTOM_RISK_SCORE_LOW("risk-score", "weight.low", "1", PropertyType.INTEGER, "Low severity vulnerability weight (between 1-10)", ConfigPropertyAccessMode.READ_WRITE),
-    CUSTOM_RISK_SCORE_UNASSIGNED("risk-score", "weight.unassigned", "5", PropertyType.INTEGER, "Unassigned severity vulnerability weight (between 1-10)", ConfigPropertyAccessMode.READ_WRITE);
+    CUSTOM_RISK_SCORE_UNASSIGNED("risk-score", "weight.unassigned", "5", PropertyType.INTEGER, "Unassigned severity vulnerability weight (between 1-10)", ConfigPropertyAccessMode.READ_WRITE),
+    WELCOME_MESSAGE("general", "welcome.message.html", "%20%3Chtml%3E%3Ch1%3EYour%20Welcome%20Message%3C%2Fh1%3E%3C%2Fhtml%3E", PropertyType.STRING, "Custom HTML Code that is displayed before login", ConfigPropertyAccessMode.READ_WRITE, true),
+    IS_WELCOME_MESSAGE("general", "welcome.message.enabled", "false", PropertyType.BOOLEAN, "Bool that says wheter to show the welcome message or not", ConfigPropertyAccessMode.READ_WRITE, true);
 
     private final String groupName;
     private final String propertyName;
     private final String defaultPropertyValue;
     private final PropertyType propertyType;
     private final String description;
     private final ConfigPropertyAccessMode accessMode;
+    private final Boolean isPublic;
 
     ConfigPropertyConstants(final String groupName,
                             final String propertyName,
@@ -128,11 +131,29 @@ public enum ConfigPropertyConstants {
         this.propertyType = propertyType;
         this.description = description;
         this.accessMode = accessMode;
+        this.isPublic = false;
+    }
+
+    ConfigPropertyConstants(final String groupName,
+                            final String propertyName,
+                            final String defaultPropertyValue,
+                            final PropertyType propertyType,
+                            final String description,
+                            final ConfigPropertyAccessMode accessMode,
+                            final Boolean isPublic) {
+        this.groupName = groupName;
+        this.propertyName = propertyName;
+        this.defaultPropertyValue = defaultPropertyValue;
+        this.propertyType = propertyType;
+        this.description = description;
+        this.accessMode = accessMode;
+        this.isPublic = isPublic;
     }
 
     public static ConfigPropertyConstants ofProperty(final IConfigProperty property) {
         return Arrays.stream(values())
-                .filter(value -> value.groupName.equals(property.getGroupName()) && value.propertyName.equals(property.getPropertyName()))
+                .filter(value -> value.groupName.equals(property.getGroupName())
+                        && value.propertyName.equals(property.getPropertyName()))
                 .findFirst()
                 .orElse(null);
     }
@@ -160,4 +181,8 @@ public String getDescription() {
     public ConfigPropertyAccessMode getAccessMode() {
         return accessMode;
     }
+
+    public Boolean getIsPublic() {
+        return isPublic;
+    }
 }
diff --git a/src/main/java/org/dependencytrack/resources/v1/ConfigPropertyResource.java b/src/main/java/org/dependencytrack/resources/v1/ConfigPropertyResource.java
@@ -19,8 +19,10 @@
 package org.dependencytrack.resources.v1;
 
 import alpine.model.ConfigProperty;
+import alpine.server.auth.AuthenticationNotRequired;
 import alpine.server.auth.PermissionRequired;
 import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.media.ArraySchema;
 import io.swagger.v3.oas.annotations.media.Content;
 import io.swagger.v3.oas.annotations.media.Schema;
@@ -34,10 +36,12 @@
 import jakarta.ws.rs.GET;
 import jakarta.ws.rs.POST;
 import jakarta.ws.rs.Path;
+import jakarta.ws.rs.PathParam;
 import jakarta.ws.rs.Produces;
 import jakarta.ws.rs.core.MediaType;
 import jakarta.ws.rs.core.Response;
 import org.dependencytrack.auth.Permissions;
+import org.dependencytrack.model.ConfigPropertyConstants;
 import org.dependencytrack.persistence.QueryManager;
 
 import java.util.ArrayList;
@@ -155,5 +159,30 @@ public Response updateConfigProperty(List<ConfigProperty> list) {
         return Response.ok(returnList).build();
     }
 
-
+    @GET
+    @Path("/public/{groupName}/{propertyName}")
+    @Produces(MediaType.APPLICATION_JSON)
+    @Operation(summary = "Returns a public ConfigProperty", description = "<p></p>")
+    @ApiResponses(value = {
+            @ApiResponse(responseCode = "200", description = "Public ConfigProperty returned", content = @Content(schema = @Schema(implementation = ConfigProperty.class))),
+            @ApiResponse(responseCode = "403", description = "This is not a public visible ConfigProperty")
+    })
+    @AuthenticationNotRequired
+    public Response getPublicConfigProperty(
+            @Parameter(description = "The group name of the value to retrieve", required = true)
+            @PathParam("groupName") String groupName,
+            @Parameter(description = "The property name of the value to retrieve", required = true)
+            @PathParam("propertyName") String propertyName) {
+        ConfigProperty configProperty = new ConfigProperty();
+        configProperty.setGroupName(groupName);
+        configProperty.setPropertyName(propertyName);
+        ConfigPropertyConstants publicConfigProperty = ConfigPropertyConstants.ofProperty(configProperty);
+        if (!publicConfigProperty.getIsPublic()) {
+            return Response.status(Response.Status.FORBIDDEN).build();
+        }
+        try (QueryManager qm = new QueryManager(getAlpineRequest())) {
+            ConfigProperty property = qm.getConfigProperty(groupName, propertyName);
+            return Response.ok(property).build();
+        }
+    }
 }