Merge branch 'develop' into feature/recover-password

build.gradle.kts

@@ -3,12 +3,12 @@ import org.gradle.api.tasks.testing.logging.TestLogEvent
 import org.jetbrains.kotlin.gradle.tasks.KotlinCompile
 
 plugins {
-    id("org.springframework.boot") version "3.0.0"
+    id("org.springframework.boot") version "3.1.1"
     id("io.spring.dependency-management") version "1.1.0"
     kotlin("jvm") version "1.8.10"
     kotlin("plugin.spring") version "1.8.10"
     kotlin("plugin.jpa") version "1.8.10"
-    id("org.jlleitschuh.gradle.ktlint") version "11.2.0"
+    id("org.jlleitschuh.gradle.ktlint") version "11.4.2"
     id("com.epages.restdocs-api-spec") version "0.17.1"
 
     jacoco
@@ -33,21 +33,21 @@ dependencies {
     implementation("org.jetbrains.kotlin:kotlin-reflect")
     implementation("org.jetbrains.kotlin:kotlin-stdlib-jdk8")
     implementation("org.springframework.boot:spring-boot-starter-oauth2-resource-server")
-    implementation("ch.qos.logback:logback-core:1.4.5")
+    implementation("ch.qos.logback:logback-core:1.4.8")
     implementation("org.slf4j:slf4j-api:2.0.6")
     implementation("com.cloudinary:cloudinary:1.0.14")
     annotationProcessor("org.springframework.boot:spring-boot-configuration-processor")
-    implementation("org.springframework.boot:spring-boot-starter-validation:3.0.0")
+    implementation("org.springframework.boot:spring-boot-starter-validation:3.1.1")
     developmentOnly("org.springframework.boot:spring-boot-devtools")
     runtimeOnly("com.h2database:h2")
     testImplementation("org.springframework.boot:spring-boot-starter-test")
-    testImplementation("ch.qos.logback:logback-classic:1.4.5")
+    testImplementation("ch.qos.logback:logback-classic:1.4.8")
     testImplementation("org.springframework.restdocs:spring-restdocs-mockmvc:3.0.0")
     testImplementation("com.epages:restdocs-api-spec-mockmvc:0.17.1")
     testImplementation("org.springframework.boot:spring-boot-starter-test") {
         exclude(group = "org.mockito2", module = "mockito-core")
     }
-    testImplementation("org.mockito:mockito-inline:5.0.0")
+    testImplementation("org.mockito:mockito-inline:5.2.0")
 }
 
 tasks.withType<KotlinCompile> {

src/main/kotlin/pt/up/fe/ni/website/backend/config/auth/AuthConfig.kt → src/main/kotlin/pt/up/fe/ni/website/backend/config/security/AuthConfig.kt

@@ -19,9 +19,6 @@ import org.springframework.security.oauth2.jwt.NimbusJwtEncoder
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter
 import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter
 import org.springframework.security.web.SecurityFilterChain
-import org.springframework.web.cors.CorsConfiguration
-import org.springframework.web.cors.UrlBasedCorsConfigurationSource
-import org.springframework.web.filter.CorsFilter
 import org.springframework.web.servlet.HandlerExceptionResolver
 
 @Configuration
@@ -61,18 +58,6 @@ class AuthConfig(
         return BCryptPasswordEncoder()
     }
 
-    @Bean
-    fun corsFilter(): CorsFilter {
-        // TODO: This is a temporary solution. We should use a proper CORS filter.
-        val source = UrlBasedCorsConfigurationSource()
-        val config = CorsConfiguration()
-        config.addAllowedOrigin("*")
-        config.addAllowedHeader("*")
-        config.addAllowedMethod("*")
-        source.registerCorsConfiguration("/**", config)
-        return CorsFilter(source)
-    }
-
     fun rolesConverter(): JwtAuthenticationConverter? {
         val authoritiesConverter = JwtGrantedAuthoritiesConverter()
         authoritiesConverter.setAuthorityPrefix("ROLE_")

src/main/kotlin/pt/up/fe/ni/website/backend/config/security/CorsConfig.kt

@@ -0,0 +1,31 @@
+package pt.up.fe.ni.website.backend.config.auth
+
+import org.springframework.beans.factory.annotation.Value
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
+import org.springframework.web.cors.CorsConfiguration
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource
+import org.springframework.web.filter.CorsFilter
+
+@Configuration
+@EnableWebSecurity
+class CorsConfig {
+    @field:Value("\${cors.allow-origin}")
+    final lateinit var origin: String
+
+    @Bean
+    fun corsFilter(): CorsFilter {
+        val source = UrlBasedCorsConfigurationSource()
+        val config = CorsConfiguration()
+        config.addAllowedOrigin(origin)
+        config.addAllowedHeader("*")
+        config.addAllowedMethod("GET")
+        config.addAllowedMethod("POST")
+        config.addAllowedMethod("PUT")
+        config.addAllowedMethod("PATCH")
+        config.addAllowedMethod("DELETE")
+        source.registerCorsConfiguration("/**", config)
+        return CorsFilter(source)
+    }
+}

src/main/kotlin/pt/up/fe/ni/website/backend/model/Activity.kt

@@ -22,26 +22,26 @@ import pt.up.fe.ni.website.backend.model.constants.ActivityConstants as Constant
 abstract class Activity(
     @JsonProperty(required = true)
     @field:Size(min = Constants.Title.minSize, max = Constants.Title.maxSize)
-    var title: String,
+    open var title: String,
 
     @JsonProperty(required = true)
     @field:Size(min = Constants.Description.minSize, max = Constants.Description.maxSize)
-    var description: String,
+    open var description: String,
 
     @JoinColumn
     @OneToMany(fetch = FetchType.EAGER)
-    val teamMembers: MutableList<Account>,
+    open val teamMembers: MutableList<Account>,
 
     @OneToMany(cascade = [CascadeType.ALL], mappedBy = "activity")
     @OrderColumn
     @JsonIgnore // TODO: Decide if we want to return perRoles (or IDs) by default
-    val associatedRoles: MutableList<@Valid PerActivityRole> = mutableListOf(),
+    open val associatedRoles: MutableList<@Valid PerActivityRole> = mutableListOf(),
 
     @Column(unique = true)
     @field:Size(min = Constants.Slug.minSize, max = Constants.Slug.maxSize)
-    val slug: String? = null,
+    open val slug: String? = null,
 
     @Id
     @GeneratedValue
-    val id: Long? = null
+    open val id: Long? = null
 )

src/main/resources/application.properties

@@ -18,6 +18,7 @@ server.error.whitelabel.enabled=false
 spring.jackson.default-property-inclusion=non_null
 spring.jackson.deserialization.fail-on-null-creator-properties=true
 spring.jackson.date-format=dd-MM-yyyy
+spring.jackson.time-zone=Europe/Lisbon
 
 # Auth Config
 auth.private-key=classpath:certs/private.pem
@@ -39,6 +40,5 @@ upload.static-serve=http://localhost:3000/static
 # Backend URL
 backend.url=http://localhost:8080
 
-# Due to a problem with Hibernate, which is using a deprecated property. This should be removed when fixed
-# See https://github.com/spring-projects/spring-data-jpa/issues/2717 for more information
-spring.jpa.properties.jakarta.persistence.sharedCache.mode=UNSPECIFIED
+# Cors Origin
+cors.allow-origin = http://localhost:3000