Fix App FIT contract

- Remove deprecated `version` property from `App` payload
- Add new `appVersion` and `license` property to `App` payload
- Update tests

Author: tbinna

modules/core/app/io/toolsplus/atlassian/connect/play/auth/frc/jwt/ForgeInvocationContext.scala

@@ -18,21 +18,32 @@ final case class Environment(`type`: String, id: String)
   */
 final case class Module(`type`: String, key: String)
 
+/**
+  * Contains information about the license of the app. This field is only present for paid apps in the production environment.
+  * `license` is undefined for free apps, apps in DEVELOPMENT and STAGING environments, and apps that are not listed on
+  * the Atlassian Marketplace.
+  *
+  * @param isActive Specifies if the license is active.
+  */
+final case class License(isActive: Boolean)
+
 /**
   *
   * @param installationId Identifier for the specific installation of an app. This is the value that any remote storage should be keyed against.
   * @param apiBaseUrl Base URL where all product API requests should be routed
   * @param id Forge application ID matching the value in the Forge manifest.yml
-  * @param version Forge application version being invoked
+  * @param appVersion Forge application version being invoked
   * @param environment Information about the environment the app is running in
   * @param module Information about the module that initiated this remote call
+  * @param license Information about the license associated with the app. This field is only present for paid apps in the production environment.
   */
 final case class App(installationId: String,
                      apiBaseUrl: String,
                      id: String,
-                     version: Int,
+                     appVersion: String,
                      environment: Environment,
-                     module: Module)
+                     module: Module,
+                     license: Option[License])
 
 /**
   * Forge invocation context represents the payload included in the Forge Invocation Token (FIT).

modules/core/app/io/toolsplus/atlassian/connect/play/auth/frc/jwt/ForgeRemoteJwtAuthenticationProvider.scala

@@ -56,8 +56,10 @@ class ForgeRemoteJwtAuthenticationProvider @Inject()(
 
   private def decodeForgeInvocationTokenPayload(fitPayload: String)
     : Either[JwtAuthenticationError, ForgeInvocationContext] =
-    decode[ForgeInvocationContext](fitPayload).leftMap(e =>
-      InvalidJwtError(e.getMessage))
+    decode[ForgeInvocationContext](fitPayload).leftMap { e =>
+      logger.error(s"Decoding of JWT failed: $e")
+      InvalidJwtError(e.getMessage)
+    }
 
   private def verifyJwt(credentials: ForgeRemoteCredentials,
                         invocationContext: ForgeInvocationContext)

modules/core/test/io/toolsplus/atlassian/connect/play/actions/asymmetric/AssociateAtlassianHostUserActionSpec.scala

@@ -4,7 +4,6 @@ import io.toolsplus.atlassian.connect.play.TestSpec
 import io.toolsplus.atlassian.connect.play.actions.ForgeRemoteRequest
 import io.toolsplus.atlassian.connect.play.api.models.{
   AtlassianHost,
-  AtlassianHostUser,
   DefaultAtlassianHostUser,
   DefaultForgeInstallation
 }
@@ -17,8 +16,6 @@ import io.toolsplus.atlassian.connect.play.auth.frc.jwt.{
   Environment,
   ForgeInvocationContext,
   ForgeInvocationTokenGen,
-  ForgeJWSVerificationKeySelector,
-  ForgeRemoteJwtAuthenticationProvider,
   Module
 }
 import io.toolsplus.atlassian.connect.play.auth.frc.{
@@ -30,10 +27,8 @@ import io.toolsplus.atlassian.jwt.generators.util.JwtTestHelper
 import org.scalatest.EitherValues
 import org.scalatestplus.play.guice.GuiceOneAppPerSuite
 import play.api.Configuration
-import play.api.http.Status.UNAUTHORIZED
 import play.api.mvc.Results.BadRequest
 import play.api.test.FakeRequest
-import play.api.test.Helpers.{contentAsString, status}
 
 import java.security.interfaces.RSAPublicKey
 import java.security.{KeyPair, PrivateKey}
@@ -60,14 +55,17 @@ class AssociateAtlassianHostUserActionSpec
   val forgeProperties = new AtlassianForgeProperties(config)
 
   val fakeForgeInvocationContext: ForgeInvocationContext =
-    ForgeInvocationContext(App("fake-installation-id",
-                               "fake-api-base-url",
-                               appId,
-                               1,
-                               Environment("fake-type", "fake-id"),
-                               Module("fake-type", "fake-key")),
-                           None,
-                           None)
+    ForgeInvocationContext(
+      App("fake-installation-id",
+          "fake-api-base-url",
+          appId,
+          "fake-app-version",
+          Environment("fake-type", "fake-id"),
+          Module("fake-type", "fake-key"),
+          None),
+      None,
+      None
+    )
 
   val keyId: String = "0e50fccb-239d-4991-a5db-dc850ba3f236"
   val keyPair: KeyPair = JwtTestHelper.generateKeyPair()

modules/core/test/io/toolsplus/atlassian/connect/play/actions/asymmetric/ForgeRemoteSignedForgeRemoteContextActionSpec.scala

@@ -48,14 +48,17 @@ class ForgeRemoteSignedForgeRemoteContextActionSpec
   val forgeProperties = new AtlassianForgeProperties(config)
 
   val fakeForgeInvocationContext: ForgeInvocationContext =
-    ForgeInvocationContext(App("fake-installation-id",
-                               "fake-api-base-url",
-                               appId,
-                               1,
-                               Environment("fake-type", "fake-id"),
-                               Module("fake-type", "fake-key")),
-                           None,
-                           None)
+    ForgeInvocationContext(
+      App("fake-installation-id",
+          "fake-api-base-url",
+          appId,
+          "fake-app-version",
+          Environment("fake-type", "fake-id"),
+          Module("fake-type", "fake-key"),
+          None),
+      None,
+      None
+    )
 
   val keyId: String = "0e50fccb-239d-4991-a5db-dc850ba3f236"
   val keyPair: KeyPair = JwtTestHelper.generateKeyPair()

modules/core/test/io/toolsplus/atlassian/connect/play/auth/frc/jwt/ForgeInvocationTokenProcessorSpec.scala

@@ -27,14 +27,19 @@ class ForgeInvocationTokenProcessorSpec
     mock[ForgeJWSVerificationKeySelector]
 
   val fakeForgeInvocationContext: ForgeInvocationContext =
-    ForgeInvocationContext(App("fake-installation-id",
-                               "fake-api-base-url",
-                               appId,
-                               1,
-                               Environment("fake-type", "fake-id"),
-                               Module("fake-type", "fake-key")),
-                           None,
-                           None)
+    ForgeInvocationContext(
+      App(
+        "fake-installation-id",
+        "fake-api-base-url",
+        appId,
+        "fake-app-version",
+        Environment("fake-type", "fake-id"),
+        Module("fake-type", "fake-key"),
+        Some(License(true))
+      ),
+      None,
+      None
+    )
 
   "Given a ForgeInvocationTokenProcessor" when {
 

modules/core/test/io/toolsplus/atlassian/connect/play/auth/frc/jwt/ForgeRemoteJwtAuthenticationProviderSpec.scala

@@ -42,14 +42,19 @@ class ForgeRemoteJwtAuthenticationProviderSpec
     mock[ForgeJWSVerificationKeySelector]
 
   val fakeForgeInvocationContext: ForgeInvocationContext =
-    ForgeInvocationContext(App("fake-installation-id",
-                               "fake-api-base-url",
-                               appId,
-                               1,
-                               Environment("fake-type", "fake-id"),
-                               Module("fake-type", "fake-key")),
-                           None,
-                           None)
+    ForgeInvocationContext(
+      App(
+        "fake-installation-id",
+        "fake-api-base-url",
+        appId,
+        "fake-app-version",
+        Environment("fake-type", "fake-id"),
+        Module("fake-type", "fake-key"),
+        Some(License(true))
+      ),
+      None,
+      None
+    )
 
   val authenticationProvider =
     new ForgeRemoteJwtAuthenticationProvider(