Motivation:

Since we are moving to dockerize deployment, some variables,
like the neo4j hostname needs to be set different base on
the environment set up.

Also, we need to seperated the images that will be generated
when a normal commit is made and when a release is trigger.

Modification:

- expose the neo4j host name as configurable variable
- seperate docker image generated from a commit and a tag
    release
- add production_deployment to ci/cd deploy stage. This
   will be use to depoly to the production system. However,
   it just include a test to see if the ssh will work.

Result:

Two different docker images will be build, one for stable
tagged release and the other for development. These images
will be push to different docker repositories.

Target: master

Motivation:

A new uuid is generated for an entity that will be save on the db..
This is use as a primary way of uniquely identify a particular node.
To ensure the uniqueness of the uuid, two factor were considered
which are:
- uuid version 1
- secure random number
However the secured random number is currently generated causing the
thread to block in a VM (for details explaination see
https://tersesystems.com/blog/2015/12/17/the-right-way-to-use-securerandom/).
Hence the behaviour of the system become unpredicate and most likely
will fail if the request will required the uuid to be generated.

Modification:

- change how the secured random number is generated
- minor typo fix inside the MarketUserRepository

Result:

The generation of cerebrum custom uuid now work seemly on both local
machine and VMs. Hence, all requests are now process as expected.

Target: master

Motivation:

Keep cerebrum up-to-date.

Modification:

- change the spring-boot version to 2.3.5
- upgrade the springdoc-openapi-ui to version 1.4.8 to
    avoid the classpath problem
- use the latest spring boot version of the neo4j driver
- unity aai jwt header token is at+jwt however, the latest
    springframework security does not support this. Hence.
    exclude the current version of nimbus-jose-jwt and
    add version 7.9 that support at+jwt header.
- inside the application.yml and application-dev.yml use the
    properties setting for the neo4j instead of the spring
    neo4j properties
- enable more neo4j logs info
- use the proper variable name for the sceret value inside
    the docker file.

Result:

No visible changes to the end user

change to debug mode

`tar` -> `jar`

Motivation:

When the test stage of the ci/cd is trigger, it currently fail. 
The main reason is that it took more than the stipulated time of 
one hour to run.

Modification:

skip unit/integration tests

Result:

no testing

Motivation:

Maven test are unncessarily ran at least twice and some
stage that were declared that were not use. This cause
some unexpected behaviour in the ci/cd build.

Also, the ci/cd fail because of some false postive in the
dependency vulnerabilities scan

Modification:

- Define only neccessary stages and use them accordingly.
- add some few dependecies supression

Result:

- Keep the ci/cd simple and avoid running multiple tests
- when `mvn org.owasp:dependency-check-maven:check` is run
Vulnerabilities found equal 0

Target: master
Review: https://gitlab.hzdr.de/hifis-technical-platform/helmholtz-cerebrum/-/merge_requests/39

Motivation:

All authenticated user should be store into cerebrum
data-storage (neo4j). At the momement this is not the
case.

Modification:

- ensure that when the autheticated user hit /api/v0/users/whoami
    and the user is unknown to cerebrum, a new user will
    be created.
- add findByEmailAndSub method in the user repository to search
    the database if user with the supplied email and sub exist
- add a createEnity method inside CerebrumService interface that
    are implemented inside CerebrumServiceBase abstract class.
    This will be use when the uri location is not needed.

Result:

Unkown user that have been authenticated will be
store by cerebrum.

Target: master
Review: https://gitlab.hzdr.de/hifis-technical-platform/helmholtz-cerebrum/-/merge_requests/38

Motivation:

Since production environment variables will be
different from the development variables, hence
we create a new development profile to set up
the necessary configuration for the development.

Modification:

- create a new dev profile yml file and add the
    configurations for development
- add the dev profile to maven

Result:

The cerebrum dev server can now use the dev config.

Using maven, selecting a dev profile will be done as follow:
    `mvn -Pdev clean ...`

The profile can be set after the code is build as follow:
    `java -Dspring.profiles.active=dev -jar ...`

Target: master
Review: https://gitlab.hzdr.de/hifis-technical-platform/helmholtz-cerebrum/-/merge_requests/37

Motivation:

CORs is a technique that uses additional HTTP headers
to inform browsers to give a client application at a
particular origin access to requested resources at a
different origin. This was previous implemented but
needed some few adjustment to make it work.

Modification:

- Change the property name for allowed origin from
    cerebrum.allowed.client.origins to cerebrum.allowed.origins
    Hence it can be set in the command line as follow:
    `java -jar --cerebrum.allowed.origins=<comma-seperated-values>`
- Add OPTIONS method to the list of allowed methods and obtain
    the value of the property: `cerebrum.allowed.origins`

Result:

CORs now works

Target: master
Review: https://gitlab.hzdr.de/hifis-technical-platform/helmholtz-cerebrum/-/merge_requests/36

Motivation:

The open-api for documenting cerebrum api allows setting the
server url property to the preferred url. In the initial state,
it was assumed that cerebrum will be served from localhost.
However, this is currently not the case, the application is
dockerised and can be served from different url than the assumed
one. Hence it is neccessary that we let the open-api generate
the server url.

Modification:

Remove server property from the open-api configuration.

Result:

The doc server url is now autogenrated.

Target: master
Review: https://gitlab.hzdr.de/hifis-technical-platform/helmholtz-cerebrum/-/merge_requests/35

Motivation:

Currently the test coverage is lower than 80%, however we need
to run a complete ci/cd to be able to demo what have been done
so far.

Modification:

remove the ci for the sonarque for the list of tests.

Result:

No visible changes to the user

Target: master
Review: https://gitlab.hzdr.de/hifis-technical-platform/helmholtz-cerebrum/-/merge_requests/34

Motivation:

User belonging to known Helmholtz organisation can create
and be part of a management team to manage a marketplace
service. This patch introduce the code to model this
relationship and expose it usage through the restful API.

Modification:

- create a relationship class for "MANAGES" called Management.
- provide the ability to add and delete the relationship. Hence,
    the market-service controller expose the api, the service
    provide the bridge between the api and the repository. The
    repository contain the neccessary query to interact with
    the database.
- fix minor typo inside the market-service-controller,
    market-service-service and market-service-repository class
- overide both the equals and hashCode method of the
    market-service class

Result:

MANAGES relationship can now be added and deleted through the
restful api.

Target: master
Review-at: https://gitlab.hzdr.de/hifis-technical-platform/helmholtz-cerebrum/-/merge_requests/33

Motivation:

The services that will be part of the marketplace are hosted by
the helmholtz organisations. Hence, this relationship needs to
be modelled inside cerebrum

Modification:

- create a new relationship called 'HOSTED_BY' that will be
    linking services to organisations.
- add capability to add and delete the relationship inside
    the market-service controller, service and repository

Result:

HOSTED_BY relationship can now be added and deleted through the
restful api.

Target: master
Review-at: https://gitlab.hzdr.de/hifis-technical-platform/helmholtz-cerebrum/-/merge_requests/30

Motivation:

Field inside cerebrum entity are private. Hence, one needs to
explicity set the accessibility of a private field if we need
to access it through  java reflection, else this will throw
IllegalAccessException error.

Modification:

Ensure that the private fields are accessible

Result:

Update of entity now works as expected

Target: master
Review-at: https://gitlab.hzdr.de/hifis-technical-platform/helmholtz-cerebrum/-/merge_requests/31

Motivation:

A null pointer exception will be thrown if user.getAffiliations()
is equal to null.

Modification:

add a if condition to ensure that the for-loop does not throw
    a null pointer exception

Result:

Avoid null pointer exception.

Target: master
Review-at: https://gitlab.hzdr.de/hifis-technical-platform/helmholtz-cerebrum/-/merge_requests/32

Motivation:

Cerebrum uses graph-based database, we can create and query relationship
between entities. Base on our design model, the organisation and marketuser
entity needs to be link together. Also, an api must be provided in which
the client can create or query the relationship.

Modification:

- add ability to add and delete affiliation relationship inside the
    marketuser controller and marketuser service
- overide the equals and hashCode method for MarketUser and Organization
    class
- create a Affiliation relationship called "BELONGS_TO" to link user
    entity to organisation entity.
-  add field members to the organisation class. This field will contain
    the list of registered members belonging to the organisation
- add a field called affiliations to the marketuser class. This field will
    contain list of affiliation the user belongs to.
- add several query methods inside both the marketuser and organisation
    repositories.
- add a field checker inside the utility class

Result:

Target: master
Review-at: https://gitlab.hzdr.de/hifis-technical-platform/helmholtz-cerebrum/-/merge_requests/29

Motivation:

The Cerebrum API controllers have the same structure and design
implementation. This leads to quite a number of code dublications.

Modification:

- decouple the service code from the controllers and create a
    service per controller
- create an inteface for the cerebrum's controllers service
- create a common base class for all the services.
- adjust the controller to use its corresponding service
- add tests to check the unchecked part of the base service class
- create a new method called checkUuidValidity to the
    CerebrumEntityUuidGenerator class. This method will throw
    an exception if uuid is invalid.

Result:

Reduce dublication from 1.7% to 0%  and increase code maintainability.

Target: master
Review-at: https://gitlab.hzdr.de/hifis-technical-platform/helmholtz-cerebrum/-/merge_requests/28

SonarQube set a high bar on test coverage, > 80%.
Base on SonarQube report some few areas of the
controllers need to be covered.

Target: master
Review-at: https://gitlab.hzdr.de/hifis-technical-platform/helmholtz-cerebrum/-/merge_requests/27

Motivation:

The market-services api can handle varieties of http method request.
Integration tests are necessary to ensure that basic functionalities
of the controller are not broken when new functionalities are added.

Modification:

- adjust the market-services controller:
    - post method to return 201, location url in the header and a json
          body that contain the newly create user
    - put method to return 200 if the uuid already exist or 201 if it
          is a new uuid.
    - get method now includes some limiting value for the parameters.
    - delete method now comply with the standard by returning 204.
    - use CerebrumEntityUuidGenerator.isValid to check the validity of
        a uuid and if invalid, CerebrumInvalidUuidException is thrown.
- add various tests scenarios to cover all HTTP methods in the
    market-services controller.

Result:

New 37 tests were added which leads to improve test coverage for the
market-services API. A little adjustment were made to the controller
to fix some minor bugs and make it conform with the standard.

Target: master
Review-at: https://gitlab.hzdr.de/hifis-technical-platform/helmholtz-cerebrum/-/merge_requests/26

Motivation:
The market-user api can handle varieties of http method request.
Integration tests are necessary to ensure that basic functionalities
of the controller are not broken when new functionalities are added.

Modification:

- add AccessDeniedException to the list of handled exceptions. This
    is accompanied with a test to check that it work as it suppose to.
- adjust the market-user controller:
    - post method to return 201, location url in the header and a json
          body that contain the newly create user
    - put method to return 200 if the uuid already exist or 201 if it
          is a new uuid.
    - get method now include sorting and some limiting value for the
         parameters.
    - delete method now comply with the standard.
    - use CerebrumEntityUuidGenerator.isValid to check the validity of a
        uuid and if invalid, CerebrumInvalidUuidException is thrown.
- add few sanity test to the main application test
- add various tests scenarios to cover all HTTP methods in the market-user
    controller.

Result:

New 41 tests were added which leads to improve test coverage for the
market-user API and some minor bug fixes.

Target: master
Acked-by: Franz Stephan
Review-at: https://gitlab.hzdr.de/hifis-technical-platform/helmholtz-cerebrum/-/merge_requests/24

Motivation:

This is to improve cerebrum code.

Modification:

- remove the workaround inside CerebrumConfig by using
    SslContextFactory.Client
- create a utility class for the controllers and move all
    common methods into this class.
- use the correct helmholtz aai uri inside the MarketUserController
- supress some some methods warnings
- make the deleteUuid inside the MarketServiceRepository to
    return Long type
- remove the public modifier of the OrganizationControllerTest and
    CerebrumExceptionHandlerTest. Also the public modifier for
    the tests were remove in other Cerebrum code can conform
    with Sonar recommended code quality.

Result:

Minor bug fixes with improve code quality and readility. No
visible changes to the user.

Target: master

Motivation:

The organisations api can handle varieties of request. Since
this will evolve over time, integration tests are needed to
ensure that basic functionalities are not broken when a new
patch is submitted.

Modification:

- add various tests scenarios to cover all HTTP methods in the
    organisations API
- adjust the organisations controller:
    - post method to return 201, location url in the header
        and a json body that contain the newly create organisation
    - put method to return 200 if the uuid already exist or 201
        if it is a new uuid.
    - get, put and patch will first check the validity of the uuid
        and thrown and exception if the uuid is invalid.
    - change the return type of deleteUuid from void to long
- create CerebrumInvalidUuidException which will be use for invalid
    uuid
- add two exceptions to the CerebrumExceptionHandler which are
    CerebrumInvalidUuidException and HttpMessageNotReadableException
    (this is for malformed json or json+patch)
- add tests to check that CerebrumExceptionHandler handle those two
    new added exceptions
- fix some minor bugs inside CerebrumEntityUuidGenerator
- obtain and set aai token variable that will be use by the ci

Result:

Improve test coverage for organisation API and some minor
bug fixes.

Target: master
Acked-by: Franz Stephan
Review-at: https://gitlab.hzdr.de/hifis-technical-platform/helmholtz-cerebrum/-/merge_requests/20

update the list of suppressed OWASP checks so that the check succeeds with the new, downgraded versions of Spring Boot 2.2

Merge branch 'master' of https://gitlab.hzdr.de/hifis-technical-platform/helmholtz-cerebrum into crud-user

Motivation:

The uppdate to 2.3.1.RELEASE version is causing Helmholtz
AAI to be unauthorised. This is due to the token header
type, which is `at+jwt`.

Modification:

Downgrade the update from 2.3.1.RELEASE to 2.2.7.RELEASE

Result:

Authentication now works

Target: master
Acked-by: Carsten Heidmann
Review: https://gitlab.hzdr.de/hifis-technical-platform/helmholtz-cerebrum/-/merge_requests/22

The API should provide a functionality to create and modify users.

Modifications:
Made changes in controller and repository.

Result:
Now it's be possible to create, read (single or multiple (+PagingAndSorting)), update and delete users via REST API calls. +tested ;)

Motivation:

The exception handling currently has no test.

Modification:

Add integration tests to make sure that the exceptions were thrown
when and where they were suppose. This is done by simulating various
scenarios and mocking the server behaviour.

Result:

Improve test coverage for exception handling

Documentation:

To run the test, first get the Helmholtz AAI token and add it
the mvn command as shown to compile and run the tests:
     mvn -Dtoken=<put the token here> test|package|install
To skip the tests, simply run:
     mvn -DskipTests package|install

Target: master
Acked-by: Franz Stephan
Review: https://gitlab.hzdr.de/hifis-technical-platform/helmholtz-cerebrum/-/merge_requests/19