- Use ID token claims as the source of truth for Apple OAuth2 attributes
- Added Apple mapper type to OAuth2 client data validation
- Consolidated duplicated validation logic for BASIC, GITHUB, and APPLE mapper types
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

The lastCommit field was shared across all repository keys, causing
MissingObjectException when multiple repositories were registered.
When onUpdate fired for repo A it overwrote lastCommit, and subsequent
listFiles/getFileContent calls for repo B used repo A's commit whose
tree objects don't exist in repo B's object database.
Changed to a per-key Map<String, RevCommit> so each repository's
resolved commit is stored and retrieved independently.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

When a TbRuleChainInputNode has `forwardMsgToDefaultRuleChain=true` and the originator's
default rule chain is the same as the rule chain containing this node, the message enters
an infinite loop: the node forwards to the default rule chain, which routes back to the
same node, which forwards again, causing unbounded recursion and 100% CPU on rule-engine.
Fix: detect the loop in DefaultTbContext.input() by checking whether the calling rule node
is already present in the message's return stack (TbMsgProcessingCtx). On the second+
iteration the stack already contains the (ruleChainId, ruleNodeId) pair of the node,
so the call is a cycle. In that case tellFailure() is called with a descriptive message
and a WARN log is emitted instead of re-enqueuing the message.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

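A minimal model of the return-stack check described in the commit message above, as an added example that is not ThingsBoard code and not part of the commit. `Msg`, `StackEntry` and this `input` signature are hypothetical stand-ins for TbMsg, TbMsgProcessingCtx and DefaultTbContext.input(), and the ids are constructed.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.UUID;

// Simplified model, not ThingsBoard code: all type and method names here are hypothetical.
public class InputLoopGuardDemo {

    // One return-stack entry: the node that forwarded the message and the chain it lives in.
    record StackEntry(UUID ruleChainId, UUID ruleNodeId) {}

    // Stand-in for a message that carries its own return stack.
    static final class Msg {
        final Deque<StackEntry> returnStack = new ArrayDeque<>();
        String failure; // set when the message is failed instead of forwarded
    }

    // Stand-in for the context's input(): returns true if the message was forwarded.
    static boolean input(Msg msg, UUID callerChainId, UUID callerNodeId) {
        StackEntry caller = new StackEntry(callerChainId, callerNodeId);
        if (msg.returnStack.contains(caller)) {
            // Same node already forwarded this message: fail it rather than re-enqueue.
            msg.failure = "Rule chain input loop detected at node " + callerNodeId;
            System.out.println("WARN " + msg.failure);
            return false;
        }
        msg.returnStack.push(caller);
        return true; // the real system would enqueue to the target rule chain here
    }

    public static void main(String[] args) {
        UUID chain = UUID.randomUUID();     // constructed ids
        UUID inputNode = UUID.randomUUID();
        Msg msg = new Msg();

        // Misconfiguration from the commit message: the default chain is the node's own chain,
        // so every forward routes the message straight back to the same node.
        int forwards = 0;
        while (input(msg, chain, inputNode)) {
            forwards++;
            if (forwards > 10) throw new IllegalStateException("guard did not trigger");
        }
        System.out.println("forwards=" + forwards + ", failure=" + msg.failure);
        // A different node in the same chain is not treated as a cycle.
        System.out.println("other node allowed: " + input(new Msg(), chain, UUID.randomUUID()));
    }
}
```
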
Delay and deduplication rule nodes were creating brand new TbMsg objects
instead of copying the original, which reset the ruleNodeExecCounter to 0.
This allowed bypassing the maxRuleNodeExecutionsPerMessage limit.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Introduce TbCallback-based finish notification for submitted jobs,
allowing callers to be notified when a job reaches a terminal state
(COMPLETED, FAILED, CANCELLED) via cluster-wide ComponentLifecycleMsg
broadcast.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Resolve the commit once in onUpdate() and reuse the cached RevCommit
for listFiles and getFileContent operations, instead of resolving
the branch ref on every call. Added RevCommit-accepting overloads
to GitRepository for listFilesAtCommit and getFileContentAtCommit.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Remove redundant manual X-Forwarded-For header parsing in
RestAuthenticationDetails. The getClientIP() method duplicated
functionality already provided by Spring's ForwardedHeaderFilter
when server.forward_headers_strategy is configured.
Now uses request.getRemoteAddr() directly, which respects the
configured forward_headers_strategy setting (default: framework).
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Added getOrEmptyId method to validate if entityId is zero.
Changed logs to debug in DefaultTbTenantProfileService.
Added Throwable cause to Exceptions in catch blocks in DefaultTbTenantProfileService.
Signed-off-by: Oleksandra_Matviienko <al.zzzeebra@gmail.com>

moved setDefaultTenantProfile to the service layer;
added Awaitility-based audit log checks in controller tests;
allowed SYS_ADMIN access to audit endpoints;
made BuildProperties optional with version fallback;
used tenantAdminUser in updateDefaultTenantProfile;
updated logging config for audit debugging.
Signed-off-by: Oleksandra_Matviienko <al.zzzeebra@gmail.com>