Merge pull request #1503 from DependencyTrack/bom-upload-project-uuid

Author: nscuro

apiserver/src/main/java/org/dependencytrack/resources/v1/BomResource.java

@@ -574,8 +574,8 @@ private ProcessingResult process(QueryManager qm, Project project, String encode
             final BomUploadEvent bomUploadEvent = new BomUploadEvent(qm.detach(Project.class, project.getId()), bomFileMetadata);
             qm.createWorkflowSteps(bomUploadEvent.getChainIdentifier());
 
-            BomUploadResponse bomUploadResponse = new BomUploadResponse();
-            bomUploadResponse.setToken(bomUploadEvent.getChainIdentifier());
+            final var bomUploadResponse = new BomUploadResponse(
+                    bomUploadEvent.getChainIdentifier(), project.getUuid());
             final var response = Response.ok(bomUploadResponse).build();
 
             return new ProcessingResult(response, bomUploadEvent);
@@ -610,8 +610,8 @@ private ProcessingResult process(QueryManager qm, Project project, List<FormData
 
                 qm.createWorkflowSteps(bomUploadEvent.getChainIdentifier());
 
-                BomUploadResponse bomUploadResponse = new BomUploadResponse();
-                bomUploadResponse.setToken(bomUploadEvent.getChainIdentifier());
+                final var bomUploadResponse = new BomUploadResponse(
+                        bomUploadEvent.getChainIdentifier(), project.getUuid());
                 final var response = Response.ok(bomUploadResponse).build();
 
                 return new ProcessingResult(response, bomUploadEvent);

apiserver/src/main/java/org/dependencytrack/resources/v1/VexResource.java

@@ -64,7 +64,6 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.util.Base64;
-import java.util.Collections;
 import java.util.List;
 
 /**
@@ -280,7 +279,10 @@ private Response process(QueryManager qm, Project project, String encodedVexData
             BomResource.validate(decoded, project);
             final VexUploadEvent vexUploadEvent = new VexUploadEvent(project.getUuid(), decoded);
             Event.dispatch(vexUploadEvent);
-            return Response.ok(Collections.singletonMap("token", vexUploadEvent.getChainIdentifier())).build();
+
+            final var bomUploadResponse = new BomUploadResponse(
+                    vexUploadEvent.getChainIdentifier(), project.getUuid());
+            return Response.ok(bomUploadResponse).build();
         } else {
             return Response.status(Response.Status.NOT_FOUND).entity("The project could not be found.").build();
         }
@@ -299,7 +301,10 @@ private Response process(QueryManager qm, Project project, List<FormDataBodyPart
                     BomResource.validate(content, project);
                     final VexUploadEvent vexUploadEvent = new VexUploadEvent(project.getUuid(), content);
                     Event.dispatch(vexUploadEvent);
-                    return Response.ok(Collections.singletonMap("token", vexUploadEvent.getChainIdentifier())).build();
+
+                    final var bomUploadResponse = new BomUploadResponse(
+                            vexUploadEvent.getChainIdentifier(), project.getUuid());
+                    return Response.ok(bomUploadResponse).build();
                 } catch (IOException e) {
                     return Response.status(Response.Status.BAD_REQUEST).build();
                 }

apiserver/src/main/java/org/dependencytrack/resources/v1/vo/BomUploadResponse.java

@@ -28,13 +28,22 @@ public class BomUploadResponse implements Serializable {
     private static final long serialVersionUID = -7592436786586686865L;
 
     @Schema(requiredMode = Schema.RequiredMode.REQUIRED, description = "Token used to check task progress")
-    private UUID token;
+    private final UUID token;
 
-    public void setToken(UUID token) {
+    @Schema(requiredMode = Schema.RequiredMode.REQUIRED, description = "UUID of the project the BOM was uploaded for")
+    private final UUID projectUuid;
+
+    public BomUploadResponse(final UUID token, final UUID projectUuid) {
         this.token = token;
+        this.projectUuid = projectUuid;
     }
 
     public UUID getToken() {
         return this.token;
     }
+
+    public UUID getProjectUuid() {
+        return projectUuid;
+    }
+
 }

apiserver/src/test/java/org/dependencytrack/resources/v1/BomResourceTest.java

@@ -1056,9 +1056,14 @@ public void uploadBomTest() throws Exception {
                 .put(Entity.entity(request, MediaType.APPLICATION_JSON));
         Assert.assertEquals(200, response.getStatus(), 0);
         JsonObject json = parseJsonObject(response);
-        Assert.assertNotNull(json);
-        Assert.assertNotNull(json.getString("token"));
-        Assert.assertTrue(UuidUtil.isValidUUID(json.getString("token")));
+        assertThatJson(json.toString())
+                .withMatcher("projectUuid", equalTo(project.getUuid().toString()))
+                .isEqualTo(/* language=JSON */ """
+                        {
+                          "token": "${json-unit.any-string}",
+                          "projectUuid": "${json-unit.matches:projectUuid}"
+                        }
+                        """);
         UUID uuid = UUID.fromString(json.getString("token"));
         assertThat(qm.getAllWorkflowStatesForAToken(uuid)).satisfiesExactlyInAnyOrder(
                workflowState -> {
@@ -1527,9 +1532,10 @@ public void uploadBomAutoCreateWithTagsMultipartTest() throws Exception {
                 .header(X_API_KEY, apiKey)
                 .post(Entity.entity(multiPart, multiPart.getMediaType()));
         assertThat(response.getStatus()).isEqualTo(200);
-        assertThatJson(getPlainTextBody(response)).isEqualTo("""
+        assertThatJson(getPlainTextBody(response)).isEqualTo(/* language=JSON */ """
                 {
-                  "token": "${json-unit.any-string}"
+                  "token": "${json-unit.any-string}",
+                  "projectUuid": "${json-unit.any-string}"
                 }
                 """);
 
@@ -1560,11 +1566,14 @@ public void uploadBomProtobufFormatTest() {
                 .header(X_API_KEY, apiKey)
                 .post(Entity.entity(multiPart, multiPart.getMediaType()));
         assertThat(response.getStatus()).isEqualTo(200);
-        assertThatJson(getPlainTextBody(response)).isEqualTo("""
-                {
-                  "token": "${json-unit.any-string}"
-                }
-                """);
+        assertThatJson(getPlainTextBody(response))
+                .withMatcher("projectUuid", equalTo(project.getUuid().toString()))
+                .isEqualTo(/* language=JSON */ """
+                        {
+                          "token": "${json-unit.any-string}",
+                          "projectUuid": "${json-unit.matches:projectUuid}"
+                        }
+                        """);
 
         final var projectResponse = qm.getProject("Acme Example", "1.0");
         assertThat(projectResponse).isNotNull();

apiserver/src/test/java/org/dependencytrack/resources/v1/VexResourceTest.java

@@ -421,6 +421,14 @@ public void uploadVexAclTest() {
 
         response = responseSupplier.get();
         assertThat(response.getStatus()).isEqualTo(200);
+        assertThatJson(getPlainTextBody(response))
+                .withMatcher("projectUuid", equalTo(project.getUuid().toString()))
+                .isEqualTo(/* language=JSON */ """
+                        {
+                          "token": "${json-unit.any-string}",
+                          "projectUuid": "${json-unit.matches:projectUuid}"
+                        }
+                        """);
     }
 
     @Test