@oneuptime/common 9.1.0 → 9.1.2

package/Server/Services/TeamMemberService.ts

@@ -44,10 +44,11 @@ export class TeamMemberService extends DatabaseService<TeamMember> {
   }
 
   @CaptureSpan()
-  private async isSCIMEnabled(projectId: ObjectID): Promise<boolean> {
+  private async isSCIMPushGroupsEnabled(projectId: ObjectID): Promise<boolean> {
     const count: PositiveNumber = await ProjectSCIMService.countBy({
       query: {
         projectId: projectId,
+        enablePushGroups: true,
       },
       props: {
         isRoot: true,
@@ -63,12 +64,12 @@ export class TeamMemberService extends DatabaseService<TeamMember> {
     // Check if SCIM is enabled for the project
     if (
       !createBy.props.isRoot &&
-      (await this.isSCIMEnabled(
+      (await this.isSCIMPushGroupsEnabled(
         createBy.data.projectId! || createBy.props.tenantId,
       ))
     ) {
       throw new BadDataException(
-        "Cannot invite team members when SCIM is enabled for this project.",
+        "Cannot invite team members while SCIM Push Groups is enabled for this project. Disable Push Groups to manage members from OneUptime.",
       );
     }
 
@@ -311,10 +312,10 @@ export class TeamMemberService extends DatabaseService<TeamMember> {
       !deleteBy.props.isRoot &&
       members.length > 0 &&
       members[0]?.projectId &&
-      (await this.isSCIMEnabled(members[0].projectId))
+      (await this.isSCIMPushGroupsEnabled(members[0].projectId))
     ) {
       throw new BadDataException(
-        "Cannot delete team members when SCIM is enabled for this project.",
+        "Cannot delete team members while SCIM Push Groups is enabled for this project. Disable Push Groups to manage members from OneUptime.",
       );
     }
 
@@ -346,11 +347,11 @@ export class TeamMemberService extends DatabaseService<TeamMember> {
         });
 
         // Skip the one-member guard when SCIM manages membership for the project.
-        const isSCIMEnabled: boolean = await this.isSCIMEnabled(
+        const isPushGroupsManaged: boolean = await this.isSCIMPushGroupsEnabled(
           member.projectId!,
         );
 
-        if (!isSCIMEnabled && membersInTeam.toNumber() <= 1) {
+        if (!isPushGroupsManaged && membersInTeam.toNumber() <= 1) {
           throw new BadDataException(
             Errors.TeamMemberService.ONE_MEMBER_REQUIRED,
           );

package/Server/Services/TeamService.ts

@@ -71,6 +71,7 @@ export class Service extends DatabaseService<Model> {
       const scimCount: PositiveNumber = await ProjectSCIMService.countBy({
         query: {
           projectId: projectId,
+          enablePushGroups: true,
         },
         skip: new PositiveNumber(0),
         limit: new PositiveNumber(1),
@@ -82,7 +83,7 @@ export class Service extends DatabaseService<Model> {
 
       if (scimCount.toNumber() > 0) {
         throw new BadDataException(
-          `Cannot ${data.action} teams when SCIM is enabled for this project.`,
+          `Cannot ${data.action} teams while SCIM Push Groups is enabled for this project. Disable Push Groups to manage teams from OneUptime.`,
         );
       }
     }

package/Server/Types/Workflow/Components/Email.ts

@@ -115,9 +115,18 @@ export default class Email extends ComponentCode {
       const smtpTransport: SMTPTransport.Options = {
         host: args["smtp-host"]?.toString(),
         port: args["smtp-port"] as number,
-        secure: Boolean(args["secure"]),
       };
 
+      if (
+        args["secure"] === true ||
+        args["secure"] === "true" ||
+        args["secure"] === 1
+      ) {
+        smtpTransport.secure = true;
+      } else {
+        smtpTransport.secure = false;
+      }
+
       if (username && password) {
         smtpTransport.auth = {
           user: username,

package/Server/Utils/Browser.ts

@@ -166,7 +166,20 @@ export default class BrowserUtil {
       throw new BadDataException("Chrome executable path not found.");
     }
 
-    return `/root/.cache/ms-playwright/${chromeInstallationName}/chrome-linux/chrome`;
+    const chromeExecutableCandidates: Array<string> = [
+      `/root/.cache/ms-playwright/${chromeInstallationName}/chrome-linux/chrome`,
+      `/root/.cache/ms-playwright/${chromeInstallationName}/chrome-linux64/chrome`,
+      `/root/.cache/ms-playwright/${chromeInstallationName}/chrome64/chrome`,
+      `/root/.cache/ms-playwright/${chromeInstallationName}/chrome/chrome`,
+    ];
+
+    for (const executablePath of chromeExecutableCandidates) {
+      if (await LocalFile.doesFileExist(executablePath)) {
+        return executablePath;
+      }
+    }
+
+    throw new BadDataException("Chrome executable path not found.");
   }
 
   @CaptureSpan()
@@ -197,6 +210,19 @@ export default class BrowserUtil {
       throw new BadDataException("Firefox executable path not found.");
     }
 
-    return `/root/.cache/ms-playwright/${firefoxInstallationName}/firefox/firefox`;
+    const firefoxExecutableCandidates: Array<string> = [
+      `/root/.cache/ms-playwright/${firefoxInstallationName}/firefox/firefox`,
+      `/root/.cache/ms-playwright/${firefoxInstallationName}/firefox-linux64/firefox`,
+      `/root/.cache/ms-playwright/${firefoxInstallationName}/firefox64/firefox`,
+      `/root/.cache/ms-playwright/${firefoxInstallationName}/firefox-64/firefox`,
+    ];
+
+    for (const executablePath of firefoxExecutableCandidates) {
+      if (await LocalFile.doesFileExist(executablePath)) {
+        return executablePath;
+      }
+    }
+
+    throw new BadDataException("Firefox executable path not found.");
   }
 }

package/Server/Utils/Captcha.ts

@@ -0,0 +1,98 @@
+import axios, { AxiosError, AxiosResponse } from "axios";
+import BadDataException from "../../Types/Exception/BadDataException";
+import logger from "./Logger";
+import { CaptchaEnabled, CaptchaSecretKey } from "../EnvironmentConfig";
+
+export interface VerifyCaptchaOptions {
+  token: string | null | undefined;
+  remoteIp?: string | null;
+}
+
+const REQUEST_TIMEOUT_MS: number = 5000;
+const GENERIC_ERROR_MESSAGE: string =
+  "Captcha verification failed. Please try again.";
+
+type HCaptchaResponse = {
+  success?: boolean;
+  [key: string]: unknown;
+};
+
+class CaptchaUtil {
+  public static isCaptchaEnabled(): boolean {
+    return CaptchaEnabled && Boolean(CaptchaSecretKey);
+  }
+
+  public static async verifyCaptcha(
+    options: VerifyCaptchaOptions,
+  ): Promise<void> {
+    if (!CaptchaEnabled) {
+      return;
+    }
+
+    if (!CaptchaSecretKey) {
+      logger.error(
+        "Captcha is enabled but CAPTCHA_SECRET_KEY is not configured.",
+      );
+      throw new BadDataException(GENERIC_ERROR_MESSAGE);
+    }
+
+    const token: string = (options.token || "").trim();
+
+    if (!token) {
+      throw new BadDataException(
+        "Captcha token is missing. Please complete the verification challenge.",
+      );
+    }
+
+    try {
+      await this.verifyHCaptcha(token, options.remoteIp || undefined);
+    } catch (err) {
+      if (axios.isAxiosError(err)) {
+        const axiosError: AxiosError = err as AxiosError;
+        logger.error(
+          `Captcha provider verification failure: ${axiosError.message}`,
+        );
+      } else {
+        logger.error(
+          `Captcha provider verification failure: ${(err as Error).message}`,
+        );
+      }
+
+      throw new BadDataException(GENERIC_ERROR_MESSAGE);
+    }
+  }
+
+  private static async verifyHCaptcha(
+    token: string,
+    remoteIp?: string,
+  ): Promise<void> {
+    const params: URLSearchParams = new URLSearchParams();
+    params.append("secret", CaptchaSecretKey);
+    params.append("response", token);
+
+    if (remoteIp) {
+      params.append("remoteip", remoteIp);
+    }
+
+    const response: AxiosResponse<HCaptchaResponse> =
+      await axios.post<HCaptchaResponse>(
+        "https://hcaptcha.com/siteverify",
+        params.toString(),
+        {
+          headers: {
+            "content-type": "application/x-www-form-urlencoded",
+          },
+          timeout: REQUEST_TIMEOUT_MS,
+        },
+      );
+
+    if (!response.data?.success) {
+      logger.warn(
+        `hCaptcha verification failed: ${JSON.stringify(response.data || {})}`,
+      );
+      throw new BadDataException(GENERIC_ERROR_MESSAGE);
+    }
+  }
+}
+
+export default CaptchaUtil;

package/Server/Utils/Greenlock/Greenlock.ts

@@ -1,4 +1,5 @@
 import {
+  IsBillingEnabled,
   LetsEncryptAccountKey,
   LetsEncryptNotificationEmail,
 } from "../../../Server/EnvironmentConfig";
@@ -325,9 +326,15 @@ export default class GreenlockUtil {
         throw e;
       }
 
-      throw new ServerException(
-        `Unable to order certificate for ${data.domain}. Please contact support at support@oneuptime.com for more information.`,
-      );
+      if (IsBillingEnabled) {
+        throw new ServerException(
+          `Unable to order certificate for ${data.domain}. Please contact support at support@oneuptime.com for more information.`,
+        );
+      } else {
+        throw new ServerException(
+          `Unable to order certificate for ${data.domain}. Please make sure that your server can be accessed publicly over port 80 (HTTP) and port 443 (HTTPS). If the problem persists, please refer to server logs for more information. Please also set up LOG_LEVEL=DEBUG to get more detailed server logs.`,
+        );
+      }
     }
   }
 }

package/Server/Utils/Telemetry.ts

@@ -226,7 +226,11 @@ export default class Telemetry {
       };
 
       if (logRecordProcessors.length > 0) {
-        loggerProviderConfig.processors = logRecordProcessors;
+        (
+          loggerProviderConfig as LoggerProviderConfig & {
+            processors?: Array<LogRecordProcessor>;
+          }
+        ).processors = logRecordProcessors;
       }
 
       this.loggerProvider = new LoggerProvider(loggerProviderConfig);
@@ -254,7 +258,11 @@ export default class Telemetry {
        */
 
       if (logRecordProcessors.length > 0) {
-        nodeSdkConfiguration.logRecordProcessors = logRecordProcessors;
+        (
+          nodeSdkConfiguration as opentelemetry.NodeSDKConfiguration & {
+            logRecordProcessors?: Array<LogRecordProcessor>;
+          }
+        ).logRecordProcessors = logRecordProcessors;
       }
 
       const sdk: opentelemetry.NodeSDK = new opentelemetry.NodeSDK(

package/Server/Utils/Workspace/MicrosoftTeams/Actions/Incident.ts

@@ -320,6 +320,7 @@ export default class MicrosoftTeamsIncidentActions {
             name: true,
           },
           createdAt: true,
+          declaredAt: true,
         },
         props: {
           isRoot: true,
@@ -331,7 +332,9 @@ export default class MicrosoftTeamsIncidentActions {
         return;
       }
 
-      const message: string = `**Incident Details**\n\n**Title:** ${incident.title}\n**Description:** ${incident.description || "No description"}\n**State:** ${incident.currentIncidentState?.name || "Unknown"}\n**Severity:** ${incident.incidentSeverity?.name || "Unknown"}\n**Created At:** ${incident.createdAt ? new Date(incident.createdAt).toLocaleString() : "Unknown"}`;
+      const declaredAt: Date | undefined =
+        incident.declaredAt || incident.createdAt || undefined;
+      const message: string = `**Incident Details**\n\n**Title:** ${incident.title}\n**Description:** ${incident.description || "No description"}\n**State:** ${incident.currentIncidentState?.name || "Unknown"}\n**Severity:** ${incident.incidentSeverity?.name || "Unknown"}\n**Declared At:** ${declaredAt ? new Date(declaredAt).toLocaleString() : "Unknown"}`;
 
       await turnContext.sendActivity(message);
       return;

package/Server/Utils/Workspace/MicrosoftTeams/MicrosoftTeams.ts

@@ -43,6 +43,7 @@ import OneUptimeDate from "../../../../Types/Date";
 import {
   MicrosoftTeamsAppClientId,
   MicrosoftTeamsAppClientSecret,
+  MicrosoftTeamsAppTenantId,
 } from "../../../EnvironmentConfig";
 
 // Import services for bot commands
@@ -91,18 +92,25 @@ const MICROSOFT_TEAMS_APP_TYPE: string = "SingleTenant";
 const MICROSOFT_TEAMS_MAX_PAGES: number = 500;
 
 export default class MicrosoftTeamsUtil extends WorkspaceBase {
+  private static cachedAdapter: CloudAdapter | null = null;
   private static readonly WELCOME_CARD_STATE_KEY: string =
     "oneuptime.microsoftTeams.welcomeCardSent";
   // Get or create Bot Framework adapter for a specific tenant
-  private static getBotAdapter(microsoftAppTenantId: string): CloudAdapter {
+  private static getBotAdapter(): CloudAdapter {
+    if (this.cachedAdapter) {
+      return this.cachedAdapter;
+    }
+
     if (!MicrosoftTeamsAppClientId || !MicrosoftTeamsAppClientSecret) {
       throw new BadDataException(
         "Microsoft Teams App credentials not configured",
       );
     }
 
-    if (!microsoftAppTenantId) {
-      throw new BadDataException("Microsoft Teams tenant ID is required");
+    if (!MicrosoftTeamsAppTenantId) {
+      throw new BadDataException(
+        "Microsoft Teams app tenant ID is not configured",
+      );
     }
 
     logger.debug(
@@ -110,18 +118,19 @@ export default class MicrosoftTeamsUtil extends WorkspaceBase {
     );
     logger.debug(`App ID: ${MicrosoftTeamsAppClientId}`);
     logger.debug(`App Type: ${MICROSOFT_TEAMS_APP_TYPE}`);
-    logger.debug(`Tenant ID: ${microsoftAppTenantId}`);
+    logger.debug(`Tenant ID: ${MicrosoftTeamsAppTenantId}`);
 
     const authConfig: ConfigurationBotFrameworkAuthenticationOptions = {
       MicrosoftAppId: MicrosoftTeamsAppClientId,
       MicrosoftAppPassword: MicrosoftTeamsAppClientSecret,
       MicrosoftAppType: MICROSOFT_TEAMS_APP_TYPE,
-      MicrosoftAppTenantId: microsoftAppTenantId,
+      MicrosoftAppTenantId: MicrosoftTeamsAppTenantId,
     };
 
     const botFrameworkAuthentication: ConfigurationBotFrameworkAuthentication =
       new ConfigurationBotFrameworkAuthentication(authConfig);
     const adapter: CloudAdapter = new CloudAdapter(botFrameworkAuthentication);
+    this.cachedAdapter = adapter;
 
     logger.debug("Bot Framework adapter created successfully");
     return adapter;
@@ -1141,7 +1150,7 @@ export default class MicrosoftTeamsUtil extends WorkspaceBase {
       logger.debug(`Using bot ID: ${miscData.botId}`);
 
       // Get Bot Framework adapter
-      const adapter: CloudAdapter = this.getBotAdapter(tenantId);
+      const adapter: CloudAdapter = this.getBotAdapter();
 
       // Create conversation reference for the channel
       const conversationReference: ConversationReference = {
@@ -1920,11 +1929,13 @@ Just type any of these commands to get the information you need!`;
             color: true,
           },
           createdAt: true,
+          declaredAt: true,
           monitors: {
             name: true,
           },
         },
         sort: {
+          declaredAt: SortOrder.Descending,
           createdAt: SortOrder.Descending,
         },
         limit: 10,
@@ -1949,8 +1960,10 @@ If you need to report an incident or check historical incidents, please visit th
       for (const incident of activeIncidents) {
         const severity: string = incident.incidentSeverity?.name || "Unknown";
         const state: string = incident.currentIncidentState?.name || "Unknown";
-        const createdAt: string = incident.createdAt
-          ? OneUptimeDate.getDateAsFormattedString(incident.createdAt)
+        const declaredAt: Date | undefined =
+          incident.declaredAt || incident.createdAt;
+        const declaredAtText: string = declaredAt
+          ? OneUptimeDate.getDateAsFormattedString(declaredAt)
           : "Unknown";
 
         const severityIcon: string = ["Critical", "Major"].includes(severity)
@@ -1968,7 +1981,7 @@ If you need to report an incident or check historical incidents, please visit th
         message += `${severityIcon} **[Incident #${incident.incidentNumber}: ${incident.title}](${incidentUrl.toString()})**
 • **Severity:** ${severity}
 • **Status:** ${state}
-• **Created:** ${createdAt}
+• **Declared:** ${declaredAtText}
 `;
 
         if (incident.monitors && incident.monitors.length > 0) {
@@ -2564,7 +2577,7 @@ All monitoring checks are passing normally.`;
       }
 
       // Get Bot Framework adapter
-      const adapter: CloudAdapter = this.getBotAdapter(tenantId);
+      const adapter: CloudAdapter = this.getBotAdapter();
 
       // Create custom activity handler class that extends TeamsActivityHandler
       class OneUptimeTeamsActivityHandler extends TeamsActivityHandler {

package/Tests/Server/Services/TeamMemberService.test.ts

@@ -5,6 +5,8 @@ import MailService from "../../../Server/Services/MailService";
 import TeamMemberService from "../../../Server/Services/TeamMemberService";
 import UserNotificationRuleService from "../../../Server/Services/UserNotificationRuleService";
 import UserNotificationSettingService from "../../../Server/Services/UserNotificationSettingService";
+import ProjectSCIMService from "../../../Server/Services/ProjectSCIMService";
+import ProjectSCIM from "../../../Models/DatabaseModels/ProjectSCIM";
 import Errors from "../../../Server/Utils/Errors";
 import "../TestingUtils/Init";
 import ProjectServiceHelper from "../TestingUtils/Services/ProjectServiceHelper";
@@ -334,6 +336,123 @@ describe("TeamMemberService", () => {
           },
         );
       });
+
+      it("should block inviting users when SCIM push groups is enabled", async () => {
+        const owner: User = await UserServiceHelper.genrateAndSaveRandomUser(
+          null,
+          {
+            isRoot: true,
+          },
+        );
+
+        const project: Project =
+          await ProjectServiceHelper.generateAndSaveRandomProject(null, {
+            isRoot: true,
+            userId: owner.id!,
+          });
+
+        const team: Team = await TeamServiceHelper.generateAndSaveRandomTeam(
+          {
+            projectId: new ObjectID(project.id!),
+          },
+          {
+            isRoot: true,
+          },
+        );
+
+        const memberUser: User =
+          await UserServiceHelper.genrateAndSaveRandomUser(null, {
+            isRoot: true,
+          });
+
+        const scimWithPushGroups: ProjectSCIM = new ProjectSCIM();
+        scimWithPushGroups.projectId = new ObjectID(project._id!);
+        scimWithPushGroups.name = "Test SCIM Push Groups";
+        scimWithPushGroups.bearerToken = ObjectID.generate().toString();
+        scimWithPushGroups.enablePushGroups = true;
+
+        await ProjectSCIMService.create({
+          data: scimWithPushGroups,
+          props: {
+            isRoot: true,
+          },
+        });
+
+        const tm: TeamMember = TeamMemberServiceHelper.generateRandomTeamMember(
+          {
+            projectId: new ObjectID(project._id!),
+            userId: new ObjectID(memberUser._id!),
+            teamId: new ObjectID(team._id!),
+          },
+        );
+
+        await expect(
+          TeamMemberService.create({
+            data: tm,
+            props: { isRoot: false, tenantId: project.id! },
+          }),
+        ).rejects.toThrow(/SCIM Push Groups/i);
+      });
+
+      it("should allow inviting users when SCIM push groups is disabled", async () => {
+        const owner: User = await UserServiceHelper.genrateAndSaveRandomUser(
+          null,
+          {
+            isRoot: true,
+          },
+        );
+
+        const project: Project =
+          await ProjectServiceHelper.generateAndSaveRandomProject(null, {
+            isRoot: true,
+            userId: owner.id!,
+          });
+
+        const team: Team = await TeamServiceHelper.generateAndSaveRandomTeam(
+          {
+            projectId: new ObjectID(project.id!),
+          },
+          {
+            isRoot: true,
+          },
+        );
+
+        const memberUser: User =
+          await UserServiceHelper.genrateAndSaveRandomUser(null, {
+            isRoot: true,
+          });
+
+        const scimWithoutPushGroups: ProjectSCIM = new ProjectSCIM();
+        scimWithoutPushGroups.projectId = new ObjectID(project._id!);
+        scimWithoutPushGroups.name = "Test SCIM without Push Groups";
+        scimWithoutPushGroups.bearerToken = ObjectID.generate().toString();
+        scimWithoutPushGroups.enablePushGroups = false;
+
+        await ProjectSCIMService.create({
+          data: scimWithoutPushGroups,
+          props: {
+            isRoot: true,
+          },
+        });
+
+        const tm: TeamMember = TeamMemberServiceHelper.generateRandomTeamMember(
+          {
+            projectId: new ObjectID(project._id!),
+            userId: new ObjectID(memberUser._id!),
+            teamId: new ObjectID(team._id!),
+          },
+        );
+
+        const teamMember: TeamMember = await TeamMemberService.create({
+          data: tm,
+          props: { isRoot: false, tenantId: project.id! },
+        });
+
+        expect(teamMember).toBeDefined();
+        expect(teamMember.projectId?.toString()).toEqual(
+          project._id?.toString(),
+        );
+      });
     });
 
     describe("onCreateSuccess", () => {

package/UI/Components/Captcha/Captcha.tsx

@@ -0,0 +1,75 @@
+import HCaptcha from "@hcaptcha/react-hcaptcha";
+import React from "react";
+
+export interface CaptchaProps {
+  siteKey: string;
+  resetSignal?: number | undefined;
+  error?: string | undefined;
+  onTokenChange?: (token: string) => void;
+  onBlur?: (() => void) | undefined;
+  className?: string | undefined;
+}
+
+const Captcha: React.FC<CaptchaProps> = ({
+  siteKey,
+  resetSignal = 0,
+  error,
+  onTokenChange,
+  onBlur,
+  className,
+}: CaptchaProps): JSX.Element => {
+  const captchaRef: React.MutableRefObject<HCaptcha | null> =
+    React.useRef<HCaptcha | null>(null);
+  const onTokenChangeRef: React.MutableRefObject<
+    CaptchaProps["onTokenChange"]
+  > = React.useRef<CaptchaProps["onTokenChange"]>(onTokenChange);
+
+  React.useEffect(() => {
+    onTokenChangeRef.current = onTokenChange;
+  }, [onTokenChange]);
+
+  const handleTokenChange: (token: string | null) => void = React.useCallback(
+    (token: string | null) => {
+      onTokenChangeRef.current?.(token || "");
+    },
+    [],
+  );
+
+  React.useEffect(() => {
+    captchaRef.current?.resetCaptcha();
+    handleTokenChange("");
+  }, [resetSignal, handleTokenChange]);
+
+  if (!siteKey) {
+    return (
+      <div className={className || "text-center text-sm text-red-500"}>
+        Captcha is not configured.
+      </div>
+    );
+  }
+
+  return (
+    <div className={className || "flex flex-col items-center gap-2"}>
+      <HCaptcha
+        sitekey={siteKey}
+        ref={captchaRef}
+        onVerify={(token: string) => {
+          handleTokenChange(token);
+          onBlur?.();
+        }}
+        onExpire={() => {
+          handleTokenChange(null);
+          captchaRef.current?.resetCaptcha();
+          onBlur?.();
+        }}
+        onError={() => {
+          handleTokenChange(null);
+          onBlur?.();
+        }}
+      />
+      {error && <span className="text-sm text-red-500">{error}</span>}
+    </div>
+  );
+};
+
+export default Captcha;

package/UI/Config.ts

@@ -51,6 +51,9 @@ export const IS_ENTERPRISE_EDITION: boolean =
   env("IS_ENTERPRISE_EDITION") === "true";
 export const BILLING_PUBLIC_KEY: string = env("BILLING_PUBLIC_KEY") || "";
 
+export const CAPTCHA_ENABLED: boolean = env("CAPTCHA_ENABLED") === "true";
+export const CAPTCHA_SITE_KEY: string = env("CAPTCHA_SITE_KEY") || "";
+
 // VAPID Configuration for Push Notifications
 export const VAPID_PUBLIC_KEY: string = env("VAPID_PUBLIC_KEY") || "";