XWIKI-22926: Make it possible to configure the batch size in the Solr index synchronization on startup (#3928)

* Add a new configuration property for configuring the batch size of the
  initial Solr indexing synchronization.
* Update and add tests.

(cherry picked from commit db2814b6)

* introduce an (internal) extensible validation system HQL queries
* introduce a new validator based on configurable regex of safe/unsafe regex patterns

(cherry picked from commit 620256c2)

Michael Hamann authored 5 months ago and Simon Urli committed 5 months ago

* Convert to PDF and extract images from the PDF
* Adapt the unit test
* Change the output format to PNG
* Change the default image format back to JPEG.
* Read the old office converter configuration for size and quality.
* Add new configuration options for format, quality and image size.
* Revert "[Misc] Force using old version of LO until XWIKI-22335 is done"
* Revert "[Misc] Revert LO upgrade because of XWIKI-22335"
* Fix existing comments in DefaultPresentationBuilder
* Provide new properties in xwiki.properties
* Fallback in document-formats.js in case custom-document-formats is
    not used for backward compatibility
* Provide unit test
* Improve a bit ServletContainerExecutor to have better understanding
    in case of error when building LO image

This reverts commit 29e45435.
This reverts commit f19ea82a.
This reverts commit 32a20ae0.

---------

Co-authored-by: Simon Urli <simon.urli@xwiki.com>
(cherry picked from commit acd6ed3f)

* Add the option `attachment.upload.enableComments`
* With the option enabled:
  * Add a text input during upload to set a summary
  * Display the summaries for each revision in attachment history
* Add a UI test
* Use XWiki form standard
* Improve UI

Change the mechanism of the reset password token to not reset it at each
verification code check, but only when the password is actually reset,
and when its lifetime expired.
Also provide a mandatory document initializer for the
ResetPasswordRequest xclass.

Change a bit more the logic: if the token lifetime configuration is set
to 0 (which was the default) then we automatically remove the reset
password request xobject at first wrong attempt (bad verification code):
it will prevent any bruteforce attack. Then if there's a token lifetime
configuration set, we don't remove the xobject when a bad attempt is
performed: user might have used the wrong mail for example. But we do
remove the xobject when it's expired. And if it's expired, or if the
code was wrong, in both cases we immediately return an error.

Move ResetPasswordIT and ForgotUserNameIT from
administration-test-docker to a new module
security-authentication-test-docker since it's related to
security-authentication module now.

---------

Co-authored-by: Manuel Leduc <manuel.leduc@xwiki.com>

Start refactoring by removing entirely
NotificationFilterPreferenceConfiguration since it's now useless. Remove
also calls to useMainStore/useLocalStore where needed and fix tests.
Started to define migration but not implemted yet.

  * Provide migration of filters
  * Remove options from configuration
  * Fix migration issue
  * Bulletproof a bit the migration
  * Fix property file
  * Provide unit test for the migration

Co-authored-by: Manuel Leduc <manuel.leduc@xwiki.com>

* Add a new method `getRequiredRight` to `MacroPermissionPolicy` and implement it for the different script macros
* Introduce a RequiredRightAnalyzer role to analyze the rights that are required by a document, macro or XObject
* Add generic analyzers for macros and objects
* Add generic script macro support
* Add an analyzer for XWiki.RequiredRightClass
* Add an analyzer for skin extensions
* Add a component for printing the content of an XObject
* Add a component for printing macro parameters and content.
* Introduce RequiredRightsEditConfirmationChecker
* Introduce RequiredRightsAddedFilter to filter results according to the document author
* package the UI by default in xwiki-platform-distribution-flavor-common
* Minimal docker test + Page objects
* Introduce a configuration to enable the required right analysis, disabled by default as long as it is incomplete and not polished
---------

Co-authored-by: Manuel Leduc <manuel.leduc@xwiki.com>

* Replace the xwikiHost configuration with xwikiURI in order to allow specifying the scheme/protocol and port number besides the domain name or IP address.

XWIKI-21170: Improve the error message shown when the PDF export size limit is exceeded
XWIKI-20881: Don't enforce the size limit on single page PDF exports

* Cache failures
* Properly dispose the caches
* Only send requests to trusted domains
* Only embed actual images
* Limit responses to 1MB
* Introduce configuration options for timeout, maximum size and if the
  feature is enabled at all
* Add a UI test that checks that attachment embedding is working in
  general
* Move to httpclient5
* Expose the cookie domains configuration in AuthenticationConfiguration

  * Remove the property from xwiki.properties.vm and the only usage of
    it in XWiki.java
  * Move all deprecated APIs that are no longer used to legacy
  * Add revapi ignores related to aspectj bug (see:
    https://github.com/eclipse-aspectj/aspectj/issues/246)

  * Move code and components for live email notifications with
    post-filtering to legacy modules
  * Deprecate configuration method related that check if prefiltering is
    enabled as it's now the standard
  * Remove the configuration from xwiki.properties to turn off
    prefiltering
  * Move deprecated NotificationManager to legacy
  * Move the API NotificationConfiguration#isEventPrefilteringEnabled to legacy and every implementations relying on it too

Co-authored-by: Thomas Mortagne <thomas.mortagne@xwiki.com>

XWIKI-21011: Mail resender script service API resends all mails when called from a subwiki
XWIKI-21015: Missing legacy instance APIs in distribution
* Also add missing EM categories
* Fix typo in MailResender.xml (in the "from" test)
* Make the resender scheduer job execute as XWiki.superadmin
* Male the MailResender.xml document customizable instead of demo to avoid deleting it (it's now an official feature)
* Add debug logs when resending mail
* Fix mail resender scheduler typo in description

Previous work was about introducing strategies to group events for creating
composite events. This work is about strategies for chosing how many
mails should be sent for each composite event to notify by email.
Historically the strategy was hardcoded and consisted in putting all
composite events in the same email. Here we provide different
strategies: the previous one, but also a strategy allowing to send one
email per composite event, and another one allowing to send a separate
email specifically for mentions.

That work also improves previous API to use a clear UserReference
instead of a String which is vague.

Co-authored-by: Manuel Leduc <manuel.leduc@xwiki.com>
Co-authored-by: Thomas Mortagne <thomas.mortagne@xwiki.com>

XWIKI-20937: Add support for configuring an user property to be displayed as hint by the user picker

* update documentation

* Add the What's New extension to XS

* Update link to allowed HTML tags (and attributes, to keep them in
  sync) in the configuration.

* Fix error (thanks Thomas for checking)

This reverts commits
  * d56fd930
  * 1ea01e4c
  * f1393f94

  * re-apply changes previously done
  * Add missing quoting during URI parsing to avoid parse errors.
  * Provide new API to obtain a safe URI based on a string
  * Fix since and doc

Co-authored-by: Michael Hamann <michael.hamann@xwiki.com>

This reverts commit 5b1c3e6a.

- Provide two implementations of the tag selection
- Introduce the tag.rightCheckStrategy.hint property to select the active implementation
- Improve the Livetable result template to prevent re-computing the tagcloud with the same parameters twice

  * Define a new API in URLSecurityManager to check trustfulness of an
    URI
  * Use that API in XWikiServletResponse#redirect
  * Define a new script service API to perform same check in scripts
  * Add new configurations to be able to define the URI schemes
    supported for trusted URIs
  * Improve a bit documentation and add some more unit tests
  * Move the new script service to a dedicated URLSecurityScriptService
  * Simplify some code by removing unnecessary property
  * Add test to the new script service method

* Make it more clear

* Add a new configuration option.
* Migrate tests to JUnit 5 and add a new test.

* reduce default maximum attachment size to 1MB
* add missing xwiki.properties entry

- Offer a generic interface to validate attachments
- Integration server side on file upload through the UI + on the rest API
- Integration client side on the file upload pane + on CKEditor image upload
- Introduce a new xwiki:actions:beforeUpload javascript event to add additional client side attachment validations

XWIKI-20189: Allow delegating the creation of database/schema/user to an infra admin when creating a new subwiki