adds verification of dependency versions on plugin installation

scm-webapp/src/main/java/sonia/scm/plugin/DefaultPluginManager.java

@@ -42,6 +42,7 @@ import java.util.Collection;
 import java.util.List;
 import java.util.Optional;
 import java.util.Set;
+import java.util.function.Function;
 import java.util.function.Predicate;
 import java.util.stream.Collectors;
 
@@ -68,6 +69,8 @@ public class DefaultPluginManager implements PluginManager {
   private final Collection<PendingPluginUninstallation> pendingUninstallQueue = new ArrayList<>();
   private final PluginDependencyTracker dependencyTracker = new PluginDependencyTracker();
 
+  private Function<List<AvailablePlugin>, PluginInstallationContext> contextFactory;
+
   @Inject
   public DefaultPluginManager(PluginLoader loader, PluginCenter center, PluginInstaller installer, Restarter restarter, ScmEventBus eventBus) {
     this.loader = loader;
@@ -77,6 +80,12 @@ public class DefaultPluginManager implements PluginManager {
     this.eventBus = eventBus;
 
     this.computeInstallationDependencies();
+    this.contextFactory = (availablePlugins -> PluginInstallationContext.of(getInstalled(), availablePlugins));
+  }
+
+  @VisibleForTesting
+  void setContextFactory(Function<List<AvailablePlugin>, PluginInstallationContext> contextFactory) {
+    this.contextFactory = contextFactory;
   }
 
   @VisibleForTesting
@@ -167,9 +176,10 @@ public class DefaultPluginManager implements PluginManager {
 
     List<AvailablePlugin> plugins = collectPluginsToInstall(name);
     List<PendingPluginInstallation> pendingInstallations = new ArrayList<>();
+
     for (AvailablePlugin plugin : plugins) {
       try {
-        PendingPluginInstallation pending = installer.install(plugin);
+        PendingPluginInstallation pending = installer.install(contextFactory.apply(plugins), plugin);
         dependencyTracker.addInstalled(plugin.getDescriptor());
         pendingInstallations.add(pending);
         eventBus.post(new PluginEvent(PluginEvent.PluginEventType.INSTALLED, plugin));

scm-webapp/src/main/java/sonia/scm/plugin/DependencyNotFoundException.java

@@ -0,0 +1,62 @@
+/*
+ * MIT License
+ *
+ * Copyright (c) 2020-present Cloudogu GmbH and Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+package sonia.scm.plugin;
+
+import static sonia.scm.ContextEntry.ContextBuilder.entity;
+
+@SuppressWarnings("java:S110")
+public class DependencyNotFoundException extends PluginInstallException {
+
+  private final String plugin;
+  private final String missingDependency;
+
+  public DependencyNotFoundException(String plugin, String missingDependency) {
+    super(
+      entity("Dependency", missingDependency)
+        .in("Plugin", plugin)
+        .build(),
+      String.format(
+        "missing dependency %s of plugin %s",
+        missingDependency,
+        plugin
+      )
+    );
+    this.plugin = plugin;
+    this.missingDependency = missingDependency;
+  }
+
+  public String getPlugin() {
+    return plugin;
+  }
+
+  public String getMissingDependency() {
+    return missingDependency;
+  }
+
+  @Override
+  public String getCode() {
+    return "5GS6lwvWF1";
+  }
+}

scm-webapp/src/main/java/sonia/scm/plugin/DependencyVersionMismatchException.java

@@ -0,0 +1,60 @@
+/*
+ * MIT License
+ *
+ * Copyright (c) 2020-present Cloudogu GmbH and Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+package sonia.scm.plugin;
+
+import lombok.Getter;
+
+import static sonia.scm.ContextEntry.ContextBuilder.entity;
+
+@Getter
+@SuppressWarnings("java:S110")
+public class DependencyVersionMismatchException extends PluginInstallException {
+
+  private final String plugin;
+  private final String dependency;
+  private final String minVersion;
+  private final String currentVersion;
+
+  public DependencyVersionMismatchException(String plugin, String dependency, String minVersion, String currentVersion) {
+    super(
+      entity("Dependency", dependency)
+        .in("Plugin", plugin)
+        .build(),
+      String.format(
+        "%s requires dependency %s at least in version %s, but it is installed in version %s",
+        plugin, dependency, minVersion, currentVersion
+      )
+    );
+    this.plugin = plugin;
+    this.dependency = dependency;
+    this.minVersion = minVersion;
+    this.currentVersion = currentVersion;
+  }
+
+  @Override
+  public String getCode() {
+    return null;
+  }
+}

scm-webapp/src/main/java/sonia/scm/plugin/PluginInstallationContext.java

@@ -0,0 +1,61 @@
+/*
+ * MIT License
+ *
+ * Copyright (c) 2020-present Cloudogu GmbH and Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+package sonia.scm.plugin;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Optional;
+
+public final class PluginInstallationContext {
+
+  private final Map<String, NameAndVersion> dependencies;
+
+  private PluginInstallationContext(Map<String, NameAndVersion> dependencies) {
+    this.dependencies = dependencies;
+  }
+
+  public static PluginInstallationContext empty() {
+    return new PluginInstallationContext(Collections.emptyMap());
+  }
+
+  public static PluginInstallationContext of(Iterable<InstalledPlugin> installed, Iterable<AvailablePlugin> pending) {
+    Map<String, NameAndVersion> dependencies = new HashMap<>();
+    append(dependencies, installed);
+    append(dependencies, pending);
+    return new PluginInstallationContext(dependencies);
+  }
+
+  private static <P extends Plugin> void append(Map<String, NameAndVersion> dependencies, Iterable<P> plugins) {
+    for (Plugin plugin : plugins) {
+      PluginInformation information = plugin.getDescriptor().getInformation();
+      dependencies.put(information.getName(), new NameAndVersion(information.getName(), information.getVersion()));
+    }
+  }
+
+  public Optional<NameAndVersion> find(String name) {
+    return Optional.ofNullable(dependencies.get(name));
+  }
+}

scm-webapp/src/main/java/sonia/scm/plugin/PluginInstallationVerifier.java

@@ -0,0 +1,95 @@
+/*
+ * MIT License
+ *
+ * Copyright (c) 2020-present Cloudogu GmbH and Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+package sonia.scm.plugin;
+
+import sonia.scm.version.Version;
+
+import java.util.Optional;
+import java.util.Set;
+
+public final class PluginInstallationVerifier {
+
+  private PluginInstallationVerifier() {
+  }
+
+  public static void verify(PluginInstallationContext context, InstalledPlugin plugin) {
+    verify(context, plugin.getDescriptor());
+  }
+
+  public static void verify(PluginInstallationContext context, InstalledPluginDescriptor descriptor) {
+    verifyConditions(descriptor);
+    verifyDependencies(context, descriptor);
+    verifyOptionalDependencies(context, descriptor);
+  }
+
+  private static void verifyConditions(InstalledPluginDescriptor descriptor) {
+    // TODO we should provide more details here, which condition has failed
+    if (!descriptor.getCondition().isSupported()) {
+      throw new PluginConditionFailedException(
+        descriptor.getCondition(),
+        String.format(
+          "could not load plugin %s, the plugin condition does not match",
+          descriptor.getInformation().getName()
+        )
+      );
+    }
+  }
+
+  private static void verifyDependencies(PluginInstallationContext context, InstalledPluginDescriptor descriptor) {
+    Set<NameAndVersion> dependencies = descriptor.getDependenciesWithVersion();
+    for (NameAndVersion dependency : dependencies) {
+      NameAndVersion installed = context.find(dependency.getName())
+        .orElseThrow(
+          () -> new DependencyNotFoundException(descriptor.getInformation().getName(), dependency.getName())
+        );
+
+      dependency.getVersion().ifPresent(requiredVersion -> verifyDependencyVersion(descriptor, dependency, installed));
+    }
+  }
+
+  private static void verifyOptionalDependencies(PluginInstallationContext context, InstalledPluginDescriptor descriptor) {
+    Set<NameAndVersion> dependencies = descriptor.getOptionalDependenciesWithVersion();
+    for (NameAndVersion dependency : dependencies) {
+      Optional<Version> version = dependency.getVersion();
+      if (version.isPresent()) {
+        Optional<NameAndVersion> installed = context.find(dependency.getName());
+        installed.ifPresent(nameAndVersion -> verifyDependencyVersion(descriptor, dependency, nameAndVersion));
+      }
+    }
+  }
+
+  private static void verifyDependencyVersion(InstalledPluginDescriptor descriptor, NameAndVersion required, NameAndVersion installed) {
+    Version requiredVersion = required.mustGetVersion();
+    Version installedVersion = installed.mustGetVersion();
+    if (installedVersion.isOlder(requiredVersion)) {
+      throw new DependencyVersionMismatchException(
+        descriptor.getInformation().getName(),
+        required.getName(),
+        requiredVersion.getUnparsedVersion(),
+        installedVersion.getUnparsedVersion()
+      );
+    }
+  }
+}

scm-webapp/src/main/java/sonia/scm/plugin/PluginInstaller.java

@@ -41,26 +41,26 @@ import java.util.Optional;
 @SuppressWarnings("UnstableApiUsage") // guava hash is marked as unstable
 class PluginInstaller {
 
-  private final SCMContextProvider context;
+  private final SCMContextProvider scmContext;
   private final AdvancedHttpClient client;
   private final SmpDescriptorExtractor smpDescriptorExtractor;
 
   @Inject
-  public PluginInstaller(SCMContextProvider context, AdvancedHttpClient client, SmpDescriptorExtractor smpDescriptorExtractor) {
-    this.context = context;
+  public PluginInstaller(SCMContextProvider scmContext, AdvancedHttpClient client, SmpDescriptorExtractor smpDescriptorExtractor) {
+    this.scmContext = scmContext;
     this.client = client;
     this.smpDescriptorExtractor = smpDescriptorExtractor;
   }
 
   @SuppressWarnings("squid:S4790") // hashing should be safe
-  public PendingPluginInstallation install(AvailablePlugin plugin) {
+  public PendingPluginInstallation install(PluginInstallationContext context, AvailablePlugin plugin) {
     Path file = null;
     try (HashingInputStream input = new HashingInputStream(Hashing.sha256(), download(plugin))) {
       file = createFile(plugin);
       Files.copy(input, file);
 
       verifyChecksum(plugin, input.hash(), file);
-      verifyConditions(plugin, file);
+      verifyConditions(context, file);
       return new PendingPluginInstallation(plugin.install(), file);
     } catch (IOException ex) {
       cleanup(file);
@@ -89,17 +89,13 @@ class PluginInstaller {
     }
   }
 
-  private void verifyConditions(AvailablePlugin plugin, Path file) throws IOException {
+  private void verifyConditions(PluginInstallationContext context, Path file) throws IOException {
     InstalledPluginDescriptor pluginDescriptor = smpDescriptorExtractor.extractPluginDescriptor(file);
-    if (!pluginDescriptor.getCondition().isSupported()) {
+    try {
+      PluginInstallationVerifier.verify(context, pluginDescriptor);
+    } catch (PluginException ex) {
       cleanup(file);
-      throw new PluginConditionFailedException(
-        pluginDescriptor.getCondition(),
-        String.format(
-          "could not load plugin %s, the plugin condition does not match",
-          plugin.getDescriptor().getInformation().getName()
-        )
-      );
+      throw ex;
     }
   }
 
@@ -108,7 +104,7 @@ class PluginInstaller {
   }
 
   private Path createFile(AvailablePlugin plugin) throws IOException {
-    Path directory = context.resolve(Paths.get("plugins"));
+    Path directory = scmContext.resolve(Paths.get("plugins"));
     Files.createDirectories(directory);
     return directory.resolve(plugin.getDescriptor().getInformation().getName() + ".smp");
   }