Merge branch 'master' of https://github.com/logicaldoc/community

logicaldoc-android/pom.xml

@@ -6,7 +6,7 @@
 	<parent>
 		<groupId>com.logicaldoc</groupId>
 		<artifactId>logicaldoc</artifactId>
-		<version>8.8.6</version>
+		<version>8.9.0</version>
 	</parent>
 	<artifactId>logicaldoc-android</artifactId>
 	<name>logicaldoc-android</name>

logicaldoc-android/src/main/resources/plugin.xml

@@ -88,7 +88,7 @@
 <!ELEMENT value (#PCDATA)>
 ]>
 
-<plugin id="logicaldoc-android" version="8.8.6" class="com.logicaldoc.android.AndroidPlugin">
+<plugin id="logicaldoc-android" version="8.9.0" class="com.logicaldoc.android.AndroidPlugin">
 	<requires>
 		<import plugin-id="logicaldoc-core" />
 	</requires>

logicaldoc-cmis/pom.xml

@@ -8,7 +8,7 @@
 	<parent>
 		<groupId>com.logicaldoc</groupId>
 		<artifactId>logicaldoc</artifactId>
-		<version>8.8.6</version>
+		<version>8.9.0</version>
 	</parent>
 
 	<artifactId>logicaldoc-cmis</artifactId>

logicaldoc-cmis/src/main/resources/plugin.xml

@@ -88,7 +88,7 @@
 <!ELEMENT value (#PCDATA)>
 ]>
 
-<plugin id="logicaldoc-cmis" version="8.8.6" class="com.logicaldoc.cmis.CmisPlugin">
+<plugin id="logicaldoc-cmis" version="8.9.0" class="com.logicaldoc.cmis.CmisPlugin">
 	<requires>
 		<import plugin-id="logicaldoc-core" />
 	</requires>

logicaldoc-core/pom.xml

@@ -6,7 +6,7 @@
 	<parent>
 		<groupId>com.logicaldoc</groupId>
 		<artifactId>logicaldoc</artifactId>
-		<version>8.8.6</version>
+		<version>8.9.0</version>
 	</parent>
 	<artifactId>logicaldoc-core</artifactId>
 	<name>logicaldoc-core</name>

logicaldoc-core/src/main/java/com/logicaldoc/core/SystemInfo.java

@@ -32,7 +32,7 @@ public class SystemInfo {
 
 	protected String product = "LogicalDOC";
 
-	protected String release = "8.8.5";
+	protected String release = "8.9";
 
 	protected String year = "2006-2023";
 

logicaldoc-core/src/main/java/com/logicaldoc/core/document/DocumentEvent.java

@@ -39,7 +39,7 @@ public enum DocumentEvent {
 	REMOVED_FROM_CALEVENT("event.caldel"),
 	SUBSCRIBED("event.subscribed"),
 	STAMPED("event.stamped"),
-	DTICKET_CREATED("event.dticket.created"),
+	TICKET_CREATED("event.ticket.created"),
 	PASSWORD_PROTECTED("event.password.protected"),
 	PASSWORD_UNPROTECTED("event.password.unprotected"),
 	RATING_NEW("event.rating.new"),

logicaldoc-core/src/main/java/com/logicaldoc/core/document/DocumentManagerImpl.java

@@ -1431,7 +1431,7 @@ public Ticket createTicket(
 			ticket.setExpired(cal.getTime());
 		}
 
-		transaction.setEvent(DocumentEvent.DTICKET_CREATED.toString());
+		transaction.setEvent(DocumentEvent.TICKET_CREATED.toString());
 		transaction.setSessionId(transaction.getSessionId());
 
 		ticketDAO.store(ticket, transaction);

logicaldoc-core/src/main/java/com/logicaldoc/core/document/dao/HibernateDocumentDAO.java

@@ -307,8 +307,10 @@ public void store(Document doc, final DocumentHistory transaction) throws Persis
 				copyFolderMetadata(doc);
 			}
 
-			if (!RunLevel.current().aspectEnabled("customId"))
+			if (!RunLevel.current().aspectEnabled("customId")) {
 				doc.setCustomId(UUID.randomUUID().toString());
+				log.debug("Aspect customId is disabled so force the the Custom ID to a random UUID");
+			}
 
 			log.debug("Invoke listeners before store");
 			Map<String, Object> dictionary = new HashMap<>();

logicaldoc-core/src/main/java/com/logicaldoc/core/folder/Folder.java

@@ -100,6 +100,9 @@ public class Folder extends ExtensibleObject implements Comparable<Folder> {
 
 	private Set<Tag> tags = new HashSet<>();
 
+	/**
+	 * Comma-separated tags, used for searching only
+	 */
 	private String tgs;
 
 	/**
@@ -485,6 +488,12 @@ public String getTgs() {
 		return tgs;
 	}
 
+	/**
+	 * So not invoke this method directly, it is thought to be used by the ORM
+	 * inside the DAO.
+	 * 
+	 * @param tgs comma-separated string of tags
+	 */
 	public void setTgs(String tgs) {
 		this.tgs = tgs;
 	}

logicaldoc-core/src/main/java/com/logicaldoc/core/folder/HibernateFolderDAO.java

@@ -1348,7 +1348,9 @@ public Folder createAlias(long parentId, long foldRef, FolderHistory transaction
 	public Folder create(Folder parent, Folder folderVO, boolean inheritSecurity, FolderHistory transaction)
 			throws PersistenceException {
 		parent = findFolder(parent);
-
+		if(!org.hibernate.Hibernate.isInitialized(parent.getAttributes()))
+			initialize(parent);
+
 		Folder folder = new Folder();
 		folder.setName(folderVO.getName());
 		folder.setType(folderVO.getType());
@@ -1426,9 +1428,7 @@ private void setExtendedAttributes(Folder folder, Folder folderVO) {
 
 	private void replicateParentMetadata(Folder folder, Folder folderVO, Folder parent) {
 		if (parent.getTemplate() != null && folderVO.getTemplate() == null && folderVO.getFoldRef() == null) {
-			initialize(parent);
 			folder.setTemplate(parent.getTemplate());
-
 			for (String att : parent.getAttributeNames()) {
 				Attribute ext = new Attribute(parent.getAttributes().get(att));
 				folder.getAttributes().put(att, ext);
@@ -1457,8 +1457,6 @@ public Folder createPath(Folder parent, String path, boolean inheritSecurity, Fo
 		Folder folder = findFolder(parent.getId());
 
 		while (st.hasMoreTokens()) {
-			initialize(folder);
-
 			String name = st.nextToken();
 
 			Map<String, Object> params = new HashMap<>();
@@ -1474,12 +1472,12 @@ public Folder createPath(Folder parent, String path, boolean inheritSecurity, Fo
 				Folder folderVO = new Folder();
 				folderVO.setName(name);
 				folderVO.setType(root.equals(folder) ? Folder.TYPE_WORKSPACE : Folder.TYPE_DEFAULT);
+				initialize(folder);
 				folder = create(folder, folderVO, inheritSecurity,
 						transaction != null ? new FolderHistory(transaction) : null);
 				flush();
 			} else {
 				folder = findById(child);
-				initialize(folder);
 			}
 		}
 		return folder;
@@ -1942,7 +1940,7 @@ public List<Folder> findWorkspaces(long tenantId) throws PersistenceException {
 	@Override
 	public void initialize(Folder folder) {
 		refresh(folder);
-
+		
 		if (folder.getFolderGroups() != null)
 			log.trace("Initialized {} folder groups", folder.getFolderGroups().size());
 

logicaldoc-core/src/main/java/com/logicaldoc/core/metadata/HibernateAttributeSetDAO.java

@@ -7,7 +7,6 @@
 import java.util.TreeMap;
 
 import org.apache.commons.collections.CollectionUtils;
-import org.apache.commons.lang3.StringUtils;
 import org.slf4j.LoggerFactory;
 
 import com.logicaldoc.core.HibernatePersistentObjectDAO;
@@ -114,44 +113,6 @@ public void store(AttributeSet set) throws PersistenceException {
 
 		// Enforce the set specifications in all the attributes
 		enforceSetSpecInAllAttributes(set);
-
-		/*
-		 * Update the attributes referenced in the templates
-		 */
-		List<Template> templates = templateDao.findAll(set.getTenantId());
-		for (Template template : templates) {
-			templateDao.initialize(template);
-			List<String> names = template.getAttributeNames(set.getId());
-			for (String name : names) {
-				Attribute setAttribute = set.getAttribute(name);
-				replicateAttributeToTemplate(name, setAttribute, template);
-			}
-			templateDao.store(template);
-		}
-	}
-
-	private void replicateAttributeToTemplate(String name, Attribute attribute, Template template) {
-		if (attribute != null) {
-			// the attribute exists both in template and set so update
-			// it but preserve the position and the validation(if any)
-			// declared in the template
-			Attribute templateAttribute = template.getAttribute(name);
-			int currentPosition = templateAttribute.getPosition();
-			String currentValidation = templateAttribute.getValidation();
-			String currentInitialization = templateAttribute.getInitialization();
-
-			Attribute clonedAttribute = new Attribute(attribute);
-			clonedAttribute.setPosition(currentPosition);
-			if (StringUtils.isNotEmpty(currentValidation))
-				clonedAttribute.setValidation(currentValidation);
-			if (StringUtils.isNotEmpty(currentInitialization))
-				clonedAttribute.setInitialization(currentInitialization);
-			template.getAttributes().put(name, clonedAttribute);
-		} else {
-			// the attribute exists in template but not in the set so
-			// remove it
-			template.removeAttribute(name);
-		}
 	}
 
 	private void enforceSetSpecInAllAttributes(AttributeSet set) throws PersistenceException {

logicaldoc-core/src/main/java/com/logicaldoc/core/security/LoginThrottle.java

@@ -1,20 +1,34 @@
 package com.logicaldoc.core.security;
 
+import java.util.ArrayList;
 import java.util.Calendar;
 import java.util.Date;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
 
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import com.logicaldoc.core.PersistenceException;
+import com.logicaldoc.core.automation.Automation;
+import com.logicaldoc.core.communication.EMail;
+import com.logicaldoc.core.communication.EMailSender;
+import com.logicaldoc.core.communication.Message;
+import com.logicaldoc.core.communication.MessageTemplate;
+import com.logicaldoc.core.communication.MessageTemplateDAO;
+import com.logicaldoc.core.communication.Recipient;
+import com.logicaldoc.core.communication.SystemMessage;
+import com.logicaldoc.core.communication.SystemMessageDAO;
 import com.logicaldoc.core.security.authentication.AuthenticationException;
 import com.logicaldoc.core.security.authentication.IPBlockedException;
 import com.logicaldoc.core.security.authentication.UsernameBlockedException;
 import com.logicaldoc.core.security.dao.UserDAO;
 import com.logicaldoc.core.security.dao.UserHistoryDAO;
 import com.logicaldoc.core.sequence.Sequence;
 import com.logicaldoc.core.sequence.SequenceDAO;
+import com.logicaldoc.core.threading.ThreadPools;
 import com.logicaldoc.util.Context;
 import com.logicaldoc.util.config.ContextProperties;
 
@@ -139,6 +153,7 @@ private static void checkIp(String ip) throws IPBlockedException {
 					Date oldestDate = cal.getTime();
 					if (oldestDate.before(seq.getLastModified())) {
 						log.warn("Possible brute force attack detected for IP {}", ip);
+						notifyBruteForceAttack(null, ip);
 						throw new IPBlockedException();
 					} else {
 						log.info("Login block for IP {} expired", ip);
@@ -167,6 +182,7 @@ private static void checkUsername(String username) throws UsernameBlockedExcepti
 					Date oldestDate = cal.getTime();
 					if (oldestDate.before(seq.getLastModified())) {
 						log.warn("Possible brute force attack detected for username {}", username);
+						notifyBruteForceAttack(username, null);
 
 						disableUser(username);
 
@@ -201,6 +217,93 @@ protected static void disableUser(String username) {
 		}
 	}
 
+	private static void notifyBruteForceAttack(String suspectedUsername, String suspectedIp) {
+		ThreadPools.get().schedule(() -> {
+			try {
+				Date date = new Date();
+				List<User> recipients = getRecipients();
+				for (User user : recipients) {
+					log.debug("Prepare Brute Force Attack Alert for user {}", user);
+
+					Map<String, Object> dictionary = new HashMap<>();
+					dictionary.put("suspectedUsername", suspectedUsername);
+					dictionary.put("suspectedIp", suspectedIp);
+					dictionary.put("date", date);
+					dictionary.put(Automation.LOCALE, user.getLocale());
+
+					MessageTemplateDAO templateDAO = (MessageTemplateDAO) Context.get()
+							.getBean(MessageTemplateDAO.class);
+					MessageTemplate template = templateDAO.findByNameAndLanguage("bfa.alert", user.getLanguage(),
+							Tenant.DEFAULT_ID);
+					if (template == null)
+						template = templateDAO.findByNameAndLanguage("bfa.alert", "en", Tenant.DEFAULT_ID);
+
+					String subject = template.getFormattedSubject(dictionary);
+					String body = template.getFormattedBody(dictionary);
+
+					/*
+					 * Save a system message
+					 */
+					SystemMessage message = new SystemMessage();
+					message.setTenantId(user.getTenantId());
+					message.setType(Message.TYPE_SYSTEM);
+					message.setHtml(1);
+					message.setAuthor("SYSTEM");
+					message.setLocale(user.getLocale());
+					message.setMessageText(body);
+					message.setSubject(subject);
+
+					Recipient recipient = new Recipient();
+					recipient.setAddress(user.getEmail());
+					recipient.setName(user.getUsername());
+					recipient.setType(Recipient.TYPE_SYSTEM);
+					message.getRecipients().add(recipient);
+
+					SystemMessageDAO messageDAO = (SystemMessageDAO) Context.get().getBean(SystemMessageDAO.class);
+					messageDAO.store(message);
+
+					/*
+					 * Send an e-mail message
+					 */
+					EMail email = new EMail();
+					email.setTenantId(message.getTenantId());
+					email.setHtml(message.getHtml());
+					email.setLocale(message.getLocale());
+					email.setAuthor(message.getAuthor());
+					email.setSubject(message.getSubject());
+					email.setMessageText(message.getMessageText());
+					recipient = new Recipient();
+					recipient.setAddress(user.getEmail());
+					recipient.setName(user.getFullName());
+					recipient.setMode(Recipient.MODE_EMAIL_TO);
+					email.getRecipients().add(recipient);
+
+					EMailSender sender = (EMailSender) Context.get().getBean(EMailSender.class);
+					sender.sendAsync(email);
+				}
+			} catch (PersistenceException e) {
+				log.warn(e.getMessage(), e);
+			}
+		}, "BruteForceAttack", 500);
+	}
+
+	private static List<User> getRecipients() throws PersistenceException {
+		List<User> recipients = new ArrayList<>();
+		String setting = Context.get().getProperties().getProperty("throttle.alert.recipients", "");
+		if (StringUtils.isNotEmpty(setting)) {
+			UserDAO uDao = (UserDAO) Context.get().getBean(UserDAO.class);
+			String[] usernames = setting.split(",");
+			for (String username : usernames) {
+				User user = uDao.findByUsername(username);
+				if (user != null)
+					recipients.add(user);
+			}
+
+		}
+
+		return recipients;
+	}
+
 	private static void deleteSequence(Sequence seq) {
 		try {
 			SequenceDAO sDao = (SequenceDAO) Context.get().getBean(SequenceDAO.class);

logicaldoc-core/src/main/java/com/logicaldoc/core/stats/StatsCollector.java

@@ -641,7 +641,7 @@ private long[] extractDocStats(long tenantId) throws PersistenceException {
 			log.error(e.getMessage(), e);
 		}
 
-		stats[5] = documentDAO.computeTotalSize(tenantId, null, true);
+		stats[5] = documentDAO.computeTotalSize(tenantId != Tenant.SYSTEM_ID ? tenantId : null, null, true);
 
 		stats[6] = 0;
 		try {

logicaldoc-core/src/main/java/com/logicaldoc/core/system/SystemLoadMonitor.java

@@ -95,7 +95,7 @@ private int getCpuLoadOnWindows() {
 		try {
 			Exec exec = new Exec();
 			exec.setOutPrefix(null);
-			exec.exec("wmic cpu get loadpercentage", null, null, sb, 5);
+			exec.exec("Powershell \"[string][int](Get-Counter '\\Processor(*)\\% Processor Time').Countersamples[0].CookedValue", null, null, sb, 5);
 		} catch (IOException e1) {
 			log.warn(e1.getMessage(), e1);
 			return 0;

logicaldoc-core/src/main/java/com/logicaldoc/core/ticket/HibernateTicketDAO.java

@@ -58,9 +58,10 @@ public void store(Ticket entity, DocumentHistory transaction) throws Persistence
 		super.store(entity);
 
 		if (transaction != null) {
-			transaction.setEvent(DocumentEvent.DTICKET_CREATED.toString());
+			transaction.setEvent(DocumentEvent.TICKET_CREATED.toString());
 			transaction.setDocId(entity.getDocId());
-			transaction.setComment("Ticket " + entity.getTicketId());
+			transaction.setComment(
+					(entity.getType() == Ticket.DOWNLOAD ? "Download" : "View") + " ticket " + entity.getTicketId());
 
 			try {
 				documentDAO.saveDocumentHistory(documentDAO.findById(entity.getDocId()), transaction);

logicaldoc-core/src/main/resources/plugin.xml

@@ -88,7 +88,7 @@
 <!ELEMENT value (#PCDATA)>
 ]>
 
-<plugin id="logicaldoc-core" version="8.8.6" class="com.logicaldoc.core.CorePlugin">
+<plugin id="logicaldoc-core" version="8.9.0" class="com.logicaldoc.core.CorePlugin">
   <extension-point id="DbInit">
     <parameter-def id="name" />
     <parameter-def id="sqlFile" />