Merge pull request #214 from Esri/271_SecurityUpdates

271 security updates

README.md

@@ -12,7 +12,7 @@ To report an issue, please go to [issues](https://github.com/Esri/geoportal-serv
 The nature of the Harvester application is, as the name suggests, to harvest metadata from whatever web endpoints it is provided. The list(s) of endpoints to download metadata from can also be provided by external entities over the internet. Neither the metadata being harvested nor the list(s) of endpoints provided by external entities are vetted or checked by the Harvester. **Users who wish to limit the scope of the Harvester's reach should configure the network or machine where the Harvester is located with allow lists or deny lists of web endpoints to prevent the Harvester from reaching undesirable locations.**
 
 ## Releases and Downloads
-- 2.7.0 - June 13, 2021, click [here](https://github.com/Esri/geoportal-server-harvester/releases/tag/v2.7.0) for release notes and downloads. 
+- 2.7.1 - June 13, 2021, click [here](https://github.com/Esri/geoportal-server-harvester/releases/tag/v2.7.1) for release notes and downloads. 
 - 2.6.5 - July 13, 2021, click [here](https://github.com/Esri/geoportal-server-harvester/releases/tag/v2.6.5) for release notes and downloads. 
 - 2.6.4 - July 8, 2020, click [here](https://github.com/Esri/geoportal-server-harvester/releases/tag/v2.6.4) for release notes and downloads. 
 

geoportal-SDK/geoportal-harvester-api-base/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <groupId>com.esri.geoportal</groupId>
         <artifactId>geoportal-SDK</artifactId>
-        <version>2.7.0</version>
+        <version>2.7.1</version>
     </parent>
     <artifactId>harvester-api-base</artifactId>
     <name>Esri :: Geoportal Server :: Harvester :: Api Base</name>

geoportal-SDK/geoportal-harvester-api-base/src/main/java/com/esri/geoportal/harvester/api/base/DataReferenceWrapper.java

@@ -75,6 +75,10 @@ public Set<MimeType> getContentType() {
   public String getId() {
     return baseRef.getId();
   }
+  @Override
+  public String getTitle() {
+    return baseRef.getTitle();
+  }
 
   @Override
   public String getFetchableId() {

geoportal-SDK/geoportal-harvester-api-base/src/main/java/com/esri/geoportal/harvester/api/base/SimpleDataReference.java

@@ -34,6 +34,7 @@ public class SimpleDataReference implements DataReference {
   private final URI brokerUri;
   private final String brokerName;
   private final String id;
+  private String title = "";
   private final Date lastModifiedDate;
   private final URI sourceUri;
   private final String inputBrokerRef;
@@ -54,13 +55,24 @@ public class SimpleDataReference implements DataReference {
    * @param taskRef task reference of <code>null</code> if ad-hoc
    */
   public SimpleDataReference(URI brokerUri, String brokerName, String id, Date lastModifiedDate, URI sourceUri, String inputBrokerRef, String taskRef) {
+    this.brokerUri = brokerUri;
+    this.brokerName = brokerName;
+    this.id = id;
+    this.lastModifiedDate = lastModifiedDate;
+    this.sourceUri = sourceUri;
+    this.inputBrokerRef = inputBrokerRef;
+    this.taskRef = taskRef;   
+  }
+
+  public SimpleDataReference(URI brokerUri, String brokerName, String id, Date lastModifiedDate, URI sourceUri, String inputBrokerRef, String taskRef,String title) {
     this.brokerUri = brokerUri;
     this.brokerName = brokerName;
     this.id = id;
     this.lastModifiedDate = lastModifiedDate;
     this.sourceUri = sourceUri;
     this.inputBrokerRef = inputBrokerRef;
     this.taskRef = taskRef;
+    this.title = title;
   }
 
   /**
@@ -101,6 +113,11 @@ public Date getLastModifiedDate() {
   public URI getSourceUri() {
     return sourceUri;
   }
+
+  @Override
+  public String getTitle() {
+    return title;
+  }
 
   @Override
   public byte[] getContent(MimeType...mimeType) throws IOException {

geoportal-SDK/geoportal-harvester-api/pom.xml

@@ -4,12 +4,12 @@
     <parent>
       <artifactId>geoportal-SDK</artifactId>
       <groupId>com.esri.geoportal</groupId>
-      <version>2.7.0</version>
+      <version>2.7.1</version>
     </parent>
     <artifactId>harvester-api</artifactId>
     <name>Esri :: Geoportal Server :: Harvester :: Api</name>
     <description>Definitions of all basic elements of the Harvester (interfaces, final classes, etc.).</description>
-    <version>2.7.0</version>
+    <version>2.7.1</version>
     <packaging>jar</packaging>
     <dependencies>
         <dependency>

geoportal-SDK/geoportal-harvester-api/src/main/java/com/esri/geoportal/harvester/api/DataReference.java

@@ -86,4 +86,6 @@ public interface DataReference extends Serializable, DataContent {
    * @return task reference of <code>null</code> if ad-hoc
    */
   String getTaskRef();
+
+  String getTitle();
 }

geoportal-SDK/geoportal-harvester-api/src/main/java/com/esri/geoportal/harvester/api/defs/UITemplate.java

@@ -81,7 +81,10 @@ public static enum ArgumentType {
     /** temporal type */
     temporal,
     /** periodical */
-    periodical
+    periodical,
+    button,
+    hidden
+
   }
 
   /**
@@ -224,7 +227,7 @@ public String toString() {
     }
   }
 
-  /**
+    /**
    * String argument.
    */
   public static class StringArgument extends ArgumentBase<String> {
@@ -272,6 +275,44 @@ public ArgumentType getType() {
     }
   }
 
+  /**
+   * Button argument.
+   */
+  public static class ButtonArgument extends ArgumentBase<String> { 
+
+    /**
+  * Creates instance of the argument.
+  * @param name type
+  * @param label label
+  * @param required <code>true</code> if argument is required
+  */
+    public ButtonArgument(String name, String label, boolean required) {
+      super(name, label, required);
+    }
+    @Override
+    public ArgumentType getType() {
+      return ArgumentType.button;
+    }
+  }
+
+  /**
+   * Button argument.
+   */
+  public static class HiddenArgument extends ArgumentBase<String> {       
+    /**
+  * Creates instance of the argument.
+  * @param name type
+  * @param label label
+ */
+    public HiddenArgument(String name, String label) {
+      super(name, label);
+    }
+    @Override
+    public ArgumentType getType() {
+      return ArgumentType.hidden;
+    }
+  }
+
   /**
    * String argument.
    */

geoportal-SDK/pom.xml

@@ -4,7 +4,7 @@
     <parent>
       <artifactId>geoportal-harvester</artifactId>
       <groupId>com.esri.geoportal</groupId>
-      <version>2.7.0</version>
+      <version>2.7.1</version>
     </parent>
     <artifactId>geoportal-SDK</artifactId>
     <packaging>pom</packaging>

geoportal-application/geoportal-harvester-cli/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <groupId>com.esri.geoportal</groupId>
         <artifactId>geoportal-application</artifactId>
-        <version>2.7.0</version>
+        <version>2.7.1</version>
     </parent>
     <artifactId>geoportal-harvester-cli</artifactId>
     <packaging>jar</packaging>

geoportal-application/geoportal-harvester-engine/pom.xml

@@ -4,7 +4,7 @@
     <parent>
       <artifactId>geoportal-application</artifactId>
       <groupId>com.esri.geoportal</groupId>
-      <version>2.7.0</version>
+      <version>2.7.1</version>
     </parent>
     <artifactId>geoportal-harvester-engine</artifactId>
     <name>Esri :: Geoportal Server :: Harvester :: Application :: Engine</name>

geoportal-application/geoportal-harvester-war/pom.xml

@@ -4,7 +4,7 @@
     <parent>
       <artifactId>geoportal-application</artifactId>
       <groupId>com.esri.geoportal</groupId>
-      <version>2.7.0</version>
+      <version>2.7.1</version>
     </parent>
     <artifactId>geoportal-harvester-war</artifactId>
     <packaging>war</packaging>
@@ -13,7 +13,7 @@
 
     <properties>
         <endorsed.dir>${project.build.directory}/endorsed</endorsed.dir>
-        <spring.version>5.3.24</spring.version>
+        <spring.version>5.3.27</spring.version>
         <springsecurity.version>5.3.10.RELEASE</springsecurity.version>
     </properties>
 
@@ -67,7 +67,7 @@
         <dependency>
             <groupId>com.h2database</groupId>
             <artifactId>h2</artifactId>
-            <version>2.1.210</version>
+            <version>2.2.220</version>
         </dependency>
 
         <!-- Spring Security -->

geoportal-application/geoportal-harvester-war/src/main/java/com/esri/geoportal/harvester/rest/ConnectorController.java

@@ -18,6 +18,9 @@
 import static com.esri.geoportal.commons.utils.CrlfUtils.formatForLog;
 import com.esri.geoportal.harvester.api.defs.UITemplate;
 import com.esri.geoportal.harvester.engine.services.Engine;
+import com.esri.geoportal.harvester.engine.services.TemplatesService;
+import java.util.List;
+import java.util.Locale;
 import org.springframework.http.MediaType;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -181,6 +184,8 @@ public UITemplate[] listInboundConnectors() {
   @RequestMapping(value = "/rest/harvester/connectors/outbound", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
   public UITemplate[] listOutboundConnectors() {
     LOG.debug(String.format("GET /rest/harvester/connectors/outbound"));
+      TemplatesService srv1 = engine.getTemplatesService();
+      List<UITemplate> temp2= srv1.getOutboundConnectorTemplates(Locale.US);
     return engine.getTemplatesService().getOutboundConnectorTemplates(LocaleContextHolder.getLocale()).toArray(new UITemplate[0]);
   }
 

geoportal-application/geoportal-harvester-war/src/main/webapp/hrv/ui/brokers/Broker.js

@@ -28,14 +28,18 @@ define(["dojo/_base/declare",
         "dijit/Dialog",
         "dijit/ConfirmDialog",
         "hrv/rest/Brokers",
-        "hrv/ui/brokers/BrokerEditorPane"
+        "hrv/ui/brokers/BrokerEditorPane",
+        "esri/IdentityManager",        
+        "esri/arcgis/Portal",
+        "esri/config",
       ],
   function(declare,
            _WidgetBase,_TemplatedMixin,_WidgetsInTemplateMixin,
            i18n,template,
            lang,string,topic,on,json,
            Dialog,ConfirmDialog,
-           BrokersREST,BrokerEditorPane
+           BrokersREST,BrokerEditorPane,
+           esriId, arcgisPortal,esriConfig
           ){
 
     return declare([_WidgetBase, _TemplatedMixin, _WidgetsInTemplateMixin],{
@@ -71,23 +75,50 @@ define(["dojo/_base/declare",
 
         // listen to "submit" button click
         this.own(on(brokerEditorPane,"submit",lang.hitch(this, function(evt){
-          var brokerDefinition = evt.brokerDefinition;
-
-          // use API to update broker
-          BrokersREST.update(brokerDefinition.uuid,json.stringify(brokerDefinition)).then(
-            lang.hitch({brokerEditorPane: brokerEditorPane, brokerEditorDialog: brokerEditorDialog, self: this},function(){
-              topic.publish("msg"); // clear any former errors
-              this.brokerEditorDialog.destroy();
-              this.brokerEditorPane.destroy();
-              this.self.load();
-            }),
-            lang.hitch(this,function(error){
-              console.debug(error);
-              topic.publish("msg", new Error(this.i18n.brokers.errors.creating));
-            })
-          );
-        })));
-
+            var brokerDefinition = evt.brokerDefinition;
+            var brokerDefinitionProp = evt.brokerDefinition.properties;
+            var portalUrl = brokerDefinitionProp["agp-host-url"] ;            
+
+            if(brokerDefinitionProp["agp-oauth"]=== "true"){
+                esriId.getCredential(portalUrl,{oAuthPopupConfirmation:false}).then(
+                    lang.hitch(this,function(credential){                     
+                        var token = credential.token;  
+                        brokerDefinitionProp["agp-token"]= token;
+
+                        // use API to update broker
+                        BrokersREST.update(brokerDefinition.uuid,json.stringify(brokerDefinition)).then(
+                        lang.hitch({brokerEditorPane: brokerEditorPane, brokerEditorDialog: brokerEditorDialog, self: this},function(){
+                          topic.publish("msg"); // clear any former errors
+                          this.brokerEditorDialog.destroy();
+                          this.brokerEditorPane.destroy();
+                          //TODO reload Broker
+                         // this.self.load();
+                        }),
+                        lang.hitch(this,function(error){
+                          console.debug(error);
+                          topic.publish("msg", new Error(this.i18n.brokers.errors.creating));
+                        })
+                    );
+                }));
+            }
+            else
+            {
+                brokerDefinitionProp["agp-token"]= "";
+                // use API to update broker
+                BrokersREST.update(brokerDefinition.uuid,json.stringify(brokerDefinition)).then(
+                lang.hitch({brokerEditorPane: brokerEditorPane, brokerEditorDialog: brokerEditorDialog, self: this},function(){
+                  topic.publish("msg"); // clear any former errors
+                  this.brokerEditorDialog.destroy();
+                  this.brokerEditorPane.destroy();  
+                  this.self.load();
+                }),
+                lang.hitch(this,function(error){
+                  console.debug(error);
+                  topic.publish("msg", new Error(this.i18n.brokers.errors.creating));
+                }));                
+            }
+        })));      
+
         brokerEditorDialog.show();
       },
 

geoportal-application/geoportal-harvester-war/src/main/webapp/hrv/ui/brokers/BrokerEditorPane.js

@@ -108,6 +108,10 @@ define(["dojo/_base/declare",
         this.updateArgumentsForm(this.connectorTemplates[type].arguments);
       },
 
+      onOAuth:function()
+      {
+          alert("hello");
+      },
       _onSubmit: function() {
         if (this.formWidget.validate()) {
           var values = this.formWidget.getValues();