Merge branch 'develop' into feature/uvf

# Conflicts:
#	frontend/package-lock.json
#	frontend/src/components/CreateVault.vue
#	frontend/src/components/VaultDetails.vue

.github/workflows/build.yml

@@ -41,7 +41,7 @@ jobs:
         working-directory: frontend
         run: npm run dist
       - name: SonarCloud Scan Frontend
-        uses: SonarSource/sonarcloud-github-action@master
+        uses: SonarSource/sonarqube-scan-action@v4
         with:
           projectBaseDir: frontend
           args: >

CHANGELOG.md

@@ -12,13 +12,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - This CHANGELOG file
 - WoT: Users will now have an ECDH as well as ECDSA key (#282)
 - WoT: Users can now mutually verify their identity, hardening Hub against injection of malicious public keys (#281)
+- WoT: Admins can adjust WoT parameters (#297)
 - Permission to create new vaults can now be controlled via the `create-vaults` role in Keycloak (#206)
 
 ### Changed
 
 - Updated Keycloak to 25.0.6
 - Updated to Java 21 (#272)
 - Updated to Quarkus 3.8.x LTS (#272)
+- Updated to tailwindcss 4
+- Updated to Vite 6
 - Bumped build time dependencies
 - Migrated remaining commonjs modules in frontend build to ESM (#291)
 - Memoize infrequently changing data, reducing XHR roundtrips

backend/src/main/java/org/cryptomator/hub/api/AuditLogResource.java

@@ -17,6 +17,7 @@
 import org.cryptomator.hub.entities.events.AuditEvent;
 import org.cryptomator.hub.entities.events.DeviceRegisteredEvent;
 import org.cryptomator.hub.entities.events.DeviceRemovedEvent;
+import org.cryptomator.hub.entities.events.SettingWotUpdateEvent;
 import org.cryptomator.hub.entities.events.SignedWotIdEvent;
 import org.cryptomator.hub.entities.events.VaultAccessGrantedEvent;
 import org.cryptomator.hub.entities.events.VaultCreatedEvent;
@@ -81,6 +82,7 @@ public List<AuditEventDto> getAllEvents(@QueryParam("startDate") Instant startDa
 	@JsonSubTypes({ //
 			@JsonSubTypes.Type(value = DeviceRegisteredEventDto.class, name = DeviceRegisteredEvent.TYPE), //
 			@JsonSubTypes.Type(value = DeviceRemovedEventDto.class, name = DeviceRemovedEvent.TYPE), //
+			@JsonSubTypes.Type(value = SettingWotUpdateEvent.class, name = SettingWotUpdateEvent.TYPE), //
 			@JsonSubTypes.Type(value = SignedWotIdEvent.class, name = SignedWotIdEvent.TYPE), //
 			@JsonSubTypes.Type(value = VaultCreatedEventDto.class, name = VaultCreatedEvent.TYPE), //
 			@JsonSubTypes.Type(value = VaultUpdatedEventDto.class, name = VaultUpdatedEvent.TYPE), //
@@ -104,6 +106,7 @@ static AuditEventDto fromEntity(AuditEvent entity) {
 				case DeviceRegisteredEvent evt -> new DeviceRegisteredEventDto(evt.getId(), evt.getTimestamp(), DeviceRegisteredEvent.TYPE, evt.getRegisteredBy(), evt.getDeviceId(), evt.getDeviceName(), evt.getDeviceType());
 				case DeviceRemovedEvent evt -> new DeviceRemovedEventDto(evt.getId(), evt.getTimestamp(), DeviceRemovedEvent.TYPE, evt.getRemovedBy(), evt.getDeviceId());
 				case SignedWotIdEvent evt -> new SignedWotIdEventDto(evt.getId(), evt.getTimestamp(), SignedWotIdEvent.TYPE, evt.getUserId(), evt.getSignerId(), evt.getSignerKey(), evt.getSignature());
+				case SettingWotUpdateEvent evt -> new SettingWotUpdateDto(evt.getId(), evt.getTimestamp(), SettingWotUpdateEvent.TYPE, evt.getUpdatedBy(), evt.getWotMaxDepth(), evt.getWotIdVerifyLen());
 				case VaultCreatedEvent evt -> new VaultCreatedEventDto(evt.getId(), evt.getTimestamp(), VaultCreatedEvent.TYPE, evt.getCreatedBy(), evt.getVaultId(), evt.getVaultName(), evt.getVaultDescription());
 				case VaultUpdatedEvent evt -> new VaultUpdatedEventDto(evt.getId(), evt.getTimestamp(), VaultUpdatedEvent.TYPE, evt.getUpdatedBy(), evt.getVaultId(), evt.getVaultName(), evt.getVaultDescription(), evt.isVaultArchived());
 				case VaultAccessGrantedEvent evt -> new VaultAccessGrantedEventDto(evt.getId(), evt.getTimestamp(), VaultAccessGrantedEvent.TYPE, evt.getGrantedBy(), evt.getVaultId(), evt.getAuthorityId());
@@ -127,6 +130,9 @@ record DeviceRemovedEventDto(long id, Instant timestamp, String type, @JsonPrope
 	record SignedWotIdEventDto(long id, Instant timestamp, String type, @JsonProperty("userId") String userId, @JsonProperty("signerId") String signerId, @JsonProperty("signerKey") String signerKey, @JsonProperty("signature") String signature) implements AuditEventDto {
 	}
 
+	record SettingWotUpdateDto(long id, Instant timestamp, String type, @JsonProperty("updatedBy") String updatedBy, @JsonProperty("wotMaxDepth") int wotMaxDepth, @JsonProperty("wotIdVerifyLen") int wotIdVerifyLen) implements AuditEventDto {
+	}
+
 	record VaultCreatedEventDto(long id, Instant timestamp, String type, @JsonProperty("createdBy") String createdBy, @JsonProperty("vaultId") UUID vaultId, @JsonProperty("vaultName") String vaultName,
 								@JsonProperty("vaultDescription") String vaultDescription) implements AuditEventDto {
 	}

backend/src/main/java/org/cryptomator/hub/api/SettingsResource.java

@@ -16,15 +16,23 @@
 import jakarta.ws.rs.core.MediaType;
 import jakarta.ws.rs.core.Response;
 import org.cryptomator.hub.entities.Settings;
+import org.cryptomator.hub.entities.events.EventLogger;
+import org.eclipse.microprofile.jwt.JsonWebToken;
 import org.eclipse.microprofile.openapi.annotations.Operation;
 import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
 
 @Path("/settings")
 public class SettingsResource {
 
+	@Inject
+	EventLogger eventLogger;
+
 	@Inject
 	Settings.Repository settingsRepo;
 
+	@Inject
+	JsonWebToken jwt;
+
 	@GET
 	@RolesAllowed("user")
 	@Produces(MediaType.APPLICATION_JSON)
@@ -45,9 +53,14 @@ public SettingsDto get() {
 	@Transactional
 	public Response put(@NotNull @Valid SettingsDto dto) {
 		var settings = settingsRepo.get();
+		var oldWotIdVerifyLen = settings.getWotIdVerifyLen();
+		var oldWotMaxDepth = settings.getWotMaxDepth();
 		settings.setWotMaxDepth(dto.wotMaxDepth);
 		settings.setWotIdVerifyLen(dto.wotIdVerifyLen);
 		settingsRepo.persist(settings);
+		if (oldWotMaxDepth != dto.wotMaxDepth || oldWotIdVerifyLen != dto.wotIdVerifyLen) {
+			eventLogger.logWotSettingUpdated(jwt.getSubject(), dto.wotIdVerifyLen, dto.wotMaxDepth);
+		}
 		return Response.status(Response.Status.NO_CONTENT).build();
 	}
 

backend/src/main/java/org/cryptomator/hub/entities/events/EventLogger.java

@@ -100,6 +100,15 @@ public void logVaultMemberUpdated(String updatedBy, UUID vaultId, String authori
 		auditEventRepository.persist(event);
 	}
 
+	public void logWotSettingUpdated(String updatedBy, int wotIdVerifyLen, int wotMaxDepth) {
+		var event = new SettingWotUpdateEvent();
+		event.setTimestamp(Instant.now());
+		event.setWotIdVerifyLen(wotIdVerifyLen);
+		event.setWotMaxDepth(wotMaxDepth);
+		event.setUpdatedBy(updatedBy);
+		auditEventRepository.persist(event);
+	}
+
 	public void logWotIdSigned(String userId, String signerId, String signerKey, String signature) {
 		var event = new SignedWotIdEvent();
 		event.setTimestamp(Instant.now());

backend/src/main/java/org/cryptomator/hub/entities/events/SettingWotUpdateEvent.java

@@ -0,0 +1,63 @@
+package org.cryptomator.hub.entities.events;
+
+import jakarta.persistence.Column;
+import jakarta.persistence.DiscriminatorValue;
+import jakarta.persistence.Entity;
+import jakarta.persistence.Table;
+
+import java.time.Instant;
+import java.util.Objects;
+
+@Entity
+@Table(name = "audit_event_setting_wot_update")
+@DiscriminatorValue(SettingWotUpdateEvent.TYPE)
+public class SettingWotUpdateEvent extends AuditEvent {
+
+	public static final String TYPE = "SETTING_WOT_UPDATE";
+
+	@Column(name = "updated_by")
+	private String updatedBy;
+
+	@Column(name = "wot_max_depth")
+	private int wotMaxDepth;
+
+	@Column(name = "wot_id_verify_len")
+	private int wotIdVerifyLen;
+
+	public String getUpdatedBy() {
+		return updatedBy;
+	}
+
+	public void setUpdatedBy(String updatedBy) {
+		this.updatedBy = updatedBy;
+	}
+
+	public int getWotMaxDepth() {
+		return wotMaxDepth;
+	}
+
+	public void setWotMaxDepth(int wotMaxDepth) {
+		this.wotMaxDepth = wotMaxDepth;
+	}
+
+	public int getWotIdVerifyLen() {
+		return wotIdVerifyLen;
+	}
+
+	public void setWotIdVerifyLen(int wotIdVerifyLen) {
+		this.wotIdVerifyLen = wotIdVerifyLen;
+	}
+
+	@Override
+	public boolean equals(Object o) {
+		if (o == null || getClass() != o.getClass()) return false;
+		if (!super.equals(o)) return false;
+		SettingWotUpdateEvent that = (SettingWotUpdateEvent) o;
+		return wotMaxDepth == that.wotMaxDepth && wotIdVerifyLen == that.wotIdVerifyLen && Objects.equals(updatedBy, that.updatedBy);
+	}
+
+	@Override
+	public int hashCode() {
+		return Objects.hash(super.hashCode(), updatedBy, wotMaxDepth, wotIdVerifyLen);
+	}
+}

backend/src/main/resources/org/cryptomator/hub/flyway/V17__Create_Audit_Event_Setting_WoT.sql

@@ -0,0 +1,9 @@
+CREATE TABLE "audit_event_setting_wot_update"
+(
+	"id"                BIGINT NOT NULL,
+	"updated_by"        VARCHAR(255) COLLATE "C" NOT NULL,
+	"wot_max_depth"     INTEGER NOT NULL,
+	"wot_id_verify_len" INTEGER NOT NULL,
+	CONSTRAINT "AUDIT_EVENT_SETTING_WOT_UPDATE_PK" PRIMARY KEY ("id"),
+	CONSTRAINT "AUDIT_EVENT_SETTING_WOT_UPDATE_FK_AUDIT_EVENT" FOREIGN KEY ("id") REFERENCES "audit_event" ("id") ON DELETE CASCADE
+);