Merge pull request #35216 from appsmithorg/cherry-pick/26-jul

Cherry pick/26 jul

Author: nerbos

app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/handlers/ce/CustomOAuth2UserServiceCEImpl.java

@@ -3,13 +3,16 @@
 import com.appsmith.server.domains.LoginSource;
 import com.appsmith.server.domains.User;
 import com.appsmith.server.domains.UserState;
+import com.appsmith.server.exceptions.AppsmithException;
+import com.appsmith.server.exceptions.AppsmithOAuth2AuthenticationException;
 import com.appsmith.server.repositories.UserRepository;
 import com.appsmith.server.services.UserService;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.oauth2.client.userinfo.DefaultReactiveOAuth2UserService;
 import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
+import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 import reactor.core.publisher.Mono;
 
@@ -65,6 +68,12 @@ private Mono<User> checkAndCreateUser(OAuth2User oAuth2User, OAuth2UserRequest u
                         return repository.save(user);
                     }
                     return Mono.just(user);
-                });
+                })
+                .onErrorMap(
+                        AppsmithException.class,
+                        // Throwing an AppsmithOAuth2AuthenticationException in case of an AppsmithException
+                        // This is to differentiate between Appsmith exceptions and OAuth2 exceptions
+                        error -> new AppsmithOAuth2AuthenticationException(
+                                new OAuth2Error(error.getAppErrorCode().toString(), error.getMessage(), "")));
     }
 }

app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/handlers/ce/CustomOidcUserServiceCEImpl.java

@@ -4,6 +4,7 @@
 import com.appsmith.server.domains.User;
 import com.appsmith.server.domains.UserState;
 import com.appsmith.server.exceptions.AppsmithException;
+import com.appsmith.server.exceptions.AppsmithOAuth2AuthenticationException;
 import com.appsmith.server.repositories.UserRepository;
 import com.appsmith.server.services.UserService;
 import lombok.extern.slf4j.Slf4j;
@@ -76,7 +77,9 @@ public Mono<User> checkAndCreateUser(OidcUser oidcUser, OidcUserRequest userRequ
                 })
                 .onErrorMap(
                         AppsmithException.class,
-                        error -> new OAuth2AuthenticationException(
+                        // Throwing an AppsmithOAuth2AuthenticationException in case of an AppsmithException
+                        // This is to differentiate between Appsmith exceptions and OAuth2 exceptions
+                        error -> new AppsmithOAuth2AuthenticationException(
                                 new OAuth2Error(error.getAppErrorCode().toString(), error.getMessage(), "")));
     }
 }

app/server/appsmith-server/src/main/java/com/appsmith/server/exceptions/AppsmithOAuth2AuthenticationException.java

@@ -0,0 +1,29 @@
+package com.appsmith.server.exceptions;
+
+import lombok.Getter;
+import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
+import org.springframework.security.oauth2.core.OAuth2Error;
+
+@Getter
+public class AppsmithOAuth2AuthenticationException extends OAuth2AuthenticationException {
+
+    private final OAuth2Error error;
+    /**
+     * Constructs an {@code AppsmithOAuth2AuthenticationException} using the provided parameters.
+     * @param error the {@link OAuth2Error OAuth 2.0 Error}
+     */
+    public AppsmithOAuth2AuthenticationException(OAuth2Error error) {
+        this(error, error.getDescription(), null);
+    }
+
+    /**
+     * Constructs an {@code AppsmithOAuth2AuthenticationException} using the provided parameters.
+     * @param error the {@link OAuth2Error OAuth 2.0 Error}
+     * @param message the detail message
+     * @param cause the root cause
+     */
+    public AppsmithOAuth2AuthenticationException(OAuth2Error error, String message, Throwable cause) {
+        super(error, message, cause);
+        this.error = error;
+    }
+}

deploy/docker/fs/opt/appsmith/entrypoint.sh

@@ -437,10 +437,19 @@ init_postgres() {
 
 }
 
-safe_init_postgres(){
-runEmbeddedPostgres=1
-# fail safe to prevent entrypoint from exiting, and prevent postgres from starting
-init_postgres || runEmbeddedPostgres=0
+safe_init_postgres() {
+  runEmbeddedPostgres=1
+  # fail safe to prevent entrypoint from exiting, and prevent postgres from starting
+  # when runEmbeddedPostgres=0 , postgres conf file for supervisord will not be copied
+  # so postgres will not be started by supervisor. Explicit message helps us to know upgrade script failed.
+
+  if init_postgres; then
+    tlog "init_postgres succeeded."
+  else
+    local exit_status=$?
+    tlog "init_postgres failed with exit status $exit_status."
+    runEmbeddedPostgres=0
+  fi
 }
 
 setup_caddy() {

deploy/docker/fs/opt/appsmith/pg-upgrade.sh

@@ -37,11 +37,6 @@ if [[ -z "$old_version" ]]; then
 	exit
 fi
 
-if [[ -f "$pg_data_dir/postmaster.pid" ]]; then
-	tlog "Previous Postgres was not shutdown cleanly. Please start and stop Postgres $old_version properly with 'supervisorctl' only." >&2
-	exit 1
-fi
-
 top_available_version="$(postgres --version | grep -o '[[:digit:]]\+' | head -1)"
 
 declare -a to_uninstall
@@ -55,14 +50,30 @@ if [[ "$old_version" == 13 && "$top_available_version" > "$old_version" ]]; then
 		to_uninstall+=("postgresql-$old_version")
 	fi
 
-  new_version="$((old_version + 1))"
-  new_data_dir="$pg_data_dir-$new_version"
+	if [[ -f "$pg_data_dir/postmaster.pid" ]]; then
+		# Start old PostgreSQL using pg_ctl
+		tlog "Stale postmaster.pid found. Starting old PostgreSQL $old_version using pg_ctl to cleanup."
+		su postgres -c "$postgres_path/$old_version/bin/pg_ctl start -D '$pg_data_dir' "
+
+		# Wait for old PostgreSQL to be ready
+		until su postgres -c "$postgres_path/$old_version/bin/pg_isready"; do
+			tlog "Waiting for PostgreSQL $old_version to start..."
+			sleep 1
+		done
+
+		# Shut down PostgreSQL gracefully using pg_ctl
+		su postgres -c "$postgres_path/$old_version/bin/pg_ctl stop -D '$pg_data_dir' -m smart"
+		tlog "PostgreSQL $old_version has been shut down."
+	fi
+
+	new_version="$((old_version + 1))"
+	new_data_dir="$pg_data_dir-$new_version"
 
-  # `pg_upgrade` writes log to current folder. So change to a temp folder first.
-  rm -rf "$TMP/pg_upgrade" "$new_data_dir"
-  mkdir -p "$TMP/pg_upgrade" "$new_data_dir"
-  chown -R postgres "$TMP/pg_upgrade" "$new_data_dir"
-  cd "$TMP/pg_upgrade"
+	# `pg_upgrade` writes log to current folder. So change to a temp folder first.
+	rm -rf "$TMP/pg_upgrade" "$new_data_dir"
+	mkdir -p "$TMP/pg_upgrade" "$new_data_dir"
+	chown -R postgres "$TMP/pg_upgrade" "$new_data_dir"
+	cd "$TMP/pg_upgrade"
 
 	# Required by the temporary Postgres server started by `pg_upgrade`.
 	chown postgres /etc/ssl/private/ssl-cert-snakeoil.key
@@ -88,7 +99,7 @@ if [[ "$old_version" == 13 && "$top_available_version" > "$old_version" ]]; then
 fi
 
 if [[ -n "${#to_uninstall[@]}" ]]; then
-	apt-get purge "${to_uninstall[@]}"
+	DEBIAN_FRONTEND=noninteractive apt-get purge --yes "${to_uninstall[@]}"
 	apt-get clean
 fi